在 CUWN 中使用 Cisco aIOS WGB 和 EAP-TLS 驗證
目錄
簡介
此範例顯示如何在思科整合無線網路(CUWN)中設定和使用在工作組橋接器(WGB)模式下使用EAP-TLS驗證的自治IOS(aIOS)AP。 在本例中,Microsoft證書頒發機構(Windows 2003)頒發了WGB的證書,並且通過複製貼上方法,這些證書在WGB上手動輸入。ACS充當RADIUS伺服器。使用具有802.1X金鑰管理的WPA1/TKIP加密。
必要條件
需求
嘗試此組態之前,請確保符合以下要求:
-
思科自主解決方案和基於Cisco IOS的接入點知識。
-
輕量型存取點通訊協定(LWAPP)知識
採用元件
本文中的資訊係根據以下軟體和硬體版本:
-
執行Cisco IOS®軟體版本12.4(10b)JA2的WGB
使用Cisco IOS軟體版本12.4(10b)JA2或更新版本非常重要,原因如下:
-
思科漏洞ID CSCsl85710(僅供註冊客戶使用)— 802.11a WGB無法禁用DFS通道或啟用「移動站」
-
思科錯誤ID CSCsl85798(僅限註冊客戶) — 在DFS事件之後,WGB不會重新掃描
-
思科錯誤ID CSCsm37686(僅供註冊客戶使用) — 為僅TKIP配置的WGB無法與(WPA+TKIP)+(WPA2+AES)相關聯
-
思科錯誤ID CSCsk85945(僅限註冊客戶)- WPA1 WGB無法與WPA1+WPA2 WLAN關聯
-
思科錯誤ID CSCsk52437(僅限註冊客戶) — 當AP離開通道時,WGB重新傳輸失敗
-
思科錯誤ID CSCsb85791(僅供註冊客戶使用) — 新映像安裝後立即發生1130故障
-
思科錯誤ID CSCsk63882(僅限註冊客戶) — 當基於12.4的802.11 AP啟動時,出現錯誤ID和回溯錯誤
-
思科錯誤ID CSCsl36227(僅限註冊客戶)- WGB上的回溯:%SM-4-BADEVENT:事件「eapResp」無效
-
思科錯誤ID CSCsl46209(僅供註冊客戶使用)—WGB 1242 11g無線電在重置時停滯,停止傳輸
-
思科錯誤ID CSCsl58071(僅供註冊客戶使用)- WGB在EAP-TLS中間歇性需要較長時間重新進行身份驗證
-
-
執行4.2.99.0版的WLC
使用4.1.185.0或更高版本非常重要,原因如下:
-
思科錯誤ID CSCsk41360(僅限註冊客戶) — 控制器在收到EAPOL後繼續處理EAPOL註銷
-
注意:您必須是註冊客戶,才能檢視錯誤的詳細資訊。
ACS正在運行4.1;ca運行的是Microsoft Windows 2003 Advanced Server SP1。在任何情況下,當您瀏覽到CA時,客戶端瀏覽器都是啟用了Active X的Internet Explorer。
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路正在作用,請確保您已瞭解任何指令可能造成的影響。
慣例
組態概觀
-
-
根據需要設定主機名、域名和時間
-
配置信任點。
-
安裝CA證書。
-
生成AP證書請求。
-
向CA傳送AP證書請求。
-
發出憑證。
-
安裝AP證書。
-
-
同步Cisco IOS請求者的時鐘並將其時間儲存到NVRAM(適用於使用Cisco IOS軟體版本12.4(21a)JY的系統)
設定
本節提供用於設定本文件中所述功能的資訊。
註:使用Command Lookup Tool(僅限註冊客戶)可獲取本節中使用的命令的詳細資訊。
啟動Microsoft CA(如有必要)
完成以下步驟,以便使用Windows 2003 Advanced Server開啟Microsoft CA:
-
首先,安裝IIS。選擇控制面板>新增/刪除程式> Windows元件>應用程式伺服器。
-
然後安裝CA。選擇控制面板>新增刪除程式> Windows元件>證書服務。
-
選擇企業根CA。
-
為CA指定一個名稱,並記下該名稱。
-
在ACS中安裝伺服器證書
完成這些步驟,以便在ACS中安裝伺服器證書。
-
在ACS伺服器上執行的瀏覽器中,瀏覽到CA:http://ip.of.CA.server/certsrv
-
請求證書>高級請求>建立並向此CA提交請求。
-
在名稱(CN)欄位中,輸入內容。記下來。
-
在「需要證書的型別」下拉選單中,選擇Server Authentication Certificate。
-
在關鍵選項下,選擇:
-
CSP - Microsoft Base加密提供程式v1.0
-
金鑰大小 — 1024
-
選中Mark keys as exportable。
-
選中Store cert in the local computer cert store。
-
-
將所有其他內容保留為預設值,然後按一下Submit。
-
您應該會看到「Certificate Pending」狀態報告,其中顯示「Your certificate request has been received」。如果您遇到問題,請參閱MS KB 323172,或者其它可能會影響Active X的內容。
-
-
現在,在CA上,進入CA管理實用程式並選擇開始>管理工具>證書頒發機構。
-
在左側,展開CA圖示,並檢視Pending Requests下。
-
在右側,按一下右鍵來自ACS的請求,然後選擇All Tasks > Issue。現在該請求應該顯示在「已簽發的證書」下。
-
-
返回ACS伺服器,再次瀏覽到http://ip.of.CA.server/certsrv。
-
按一下View the status of a pending certificate request。
-
按一下「Server Authentication Certificate」。
-
按一下「Install this certificate」。
-
在ACS上安裝CA證書
請完成以下步驟:
在ACS伺服器上執行的瀏覽器中,瀏覽到CA:http://ip.of.CA.server/certsrv
-
按一下「Download a CA certificate, certificate chain, or CRL」。
-
選擇編碼方法:基地64。
-
選擇Download CA certificate。
-
開啟.cer檔案,然後按一下Install Certificate。
-
在「證書匯入嚮導」中,按一下下一步,然後將所有證書放入以下儲存,然後瀏覽。
-
選中Show physical stores框。
-
展開受信任的根憑證授權單位,選擇Local Computer,然後按一下Ok。
-
按一下匯入成功框的下一步、完成和確定。
設定ACS以使用伺服器證書
請完成以下步驟:
-
在ACS伺服器上,選擇System Configuration。
-
選擇ACS Certificate Setup。
-
選擇安裝ACS證書。
-
選擇Use certificate from storage。
-
鍵入CN名稱,該名稱與上一步驟中使用的名稱相同。
-
按一下「Submit」。
-
在ACS伺服器中,按一下System configuration。
-
選擇ACS Certificate Setup。
-
選擇Edit Certificate Trust List。
-
選中CA的覈取方塊。
-
按一下「Submit」。
將ACS配置為讓WGB在EAP-TLS中進行身份驗證
完成以下步驟,將ACS配置為允許WGB在ACS中進行身份驗證:
-
將WLC新增為NAS(AAA客戶端)。
-
在ACS GUI中,按一下左側的Network Configuration。
-
在AAA Clients下,按一下Add Entry。
-
在AAA Client Hostname下輸入名稱。
-
在AAA Client IP Address下輸入WLC的管理介面IP地址。
-
在Shared Secret下輸入RADIUS金鑰,並記下該金鑰。
-
在「Authenticate Using」下拉選單中,選擇「RADIUS(Cisco Airespace)」。
-
按一下「Submit+Apply」。
-
-
在ACS中啟用EAP-TLS。
-
選擇System Configuration > Global Authentication Setup。
-
在EAP-TLS下(例如,頂級EAP-TLS),在EAP-FAST之後,而不是在PEAP下的EAP-TLS,選中Allow EAP-TLS。
-
檢查所有三個證書驗證選項。
-
選擇Submit + Restart。
-
-
將WGB新增為ACS。
-
在使用者設定中,在「使用者」面板中輸入WGB的名稱,然後按一下新增/編輯。此範例使用「WGB」。
-
輸入難以猜測的密碼。這是必需的,但在EAP-TLS中未使用。
-
按一下「Submit」。
-
配置WLC的WLAN以向ACS進行身份驗證
請完成以下步驟:
-
瀏覽WLC的GUI。
-
將ACS新增到RADIUS伺服器清單:
-
選擇Security > AAA > RADIUS > Authentication,然後按一下New。
-
在「伺服器IP地址」面板中輸入ACS IP地址。
-
輸入上一步的RADIUS共用金鑰。
-
按一下「Apply」。
-
-
為EAP-TLS客戶端新增WLAN:
-
在WLANs下,按一下New。
-
輸入SSID作為配置檔名稱和WLAN SSID。
-
在General頁籤中,選中Enabled覈取方塊和Broadcast SSID(如果需要)。
-
在Security頁籤下:
-
在Layer 2頁籤下,在Layer 2 Security下拉選單中選擇WPA+WPA2,選中WPA Policy with TKIP encryption,取消選中WPA2 policy with AES encryption,然後選擇802.1X進行身份驗證金鑰管理。
-
在AAA Servers下,新增ACS,除非ACS是全域性預設RADIUS伺服器。
-
-
按一下「Apply」。
-
配置WGB的證書
請完成以下步驟:
注意:此方法使用複製和貼上方法。有關如何使用TFTP和SCEP方法的詳細資訊,請參閱Cisco 3200系列無線MIC軟體配置指南中的使用加密pki CLI配置證書。
-
根據需要設定WGB的主機名、域名和時間。
-
主機名必須與在ACS中為其輸入的使用者名稱匹配,如前步驟所示:
ap#configure terminal ap(config)#hostname WGB WGB(config)#
-
時間必須正確,認證才能正常工作(時鐘設定exec CLI或配置sntp伺服器)。
-
-
配置CA的信任點:
WGB#config term WGB(config)#crypto pki trustpoint CUT-PASTE WGB(config)#enrollment terminal WGB(config)#subject-name CN=WGB
附註: subject-name CN=<ClientName>是必需的。如果沒有證書,Microsoft CA將無法頒發證書,因為請求主題名稱無效或過長。0x80094001錯誤消息。
WGB(config)#revocation-check none
附註: revocation-check none命令是避免思科錯誤ID CSCsl07349(僅限註冊客戶)中所述問題的必要條件。WGB經常取消關聯/重新關聯,重新連線需要很長時間。
WGB(config)#rsakeypair manual-keys 1024
-
在WGB上安裝CA證書:
-
獲取CA證書的副本:
-
瀏覽到CA:http://ip.of.CA.server/certsrv
-
按一下「Download a CA certificate, certificate chain, or CRL」。
-
選擇編碼方法:基地64。
-
按一下「Download CA certificate」。
-
儲存.cer檔案。
-
-
安裝CA憑證:
WGB(config)#crypto pki authenticate CUT-PASTE Enter the base 64 encoded CA certificate. End with a blank line or the word "quit" on a line by itself
現在,從上一步下載的.cer檔案中貼上文本。
-----BEGIN CERTIFICATE----- [ ... ] -----END CERTIFICATE----- quit Certificate has the following attributes: Fingerprint: 45EC6866 A66B4D8F 2E05960F BC5C1B76 % Do you accept this certificate? [yes/no]: yes Trustpoint CA certificate accepted. % Certificate successfully imported
-
-
在WGB上請求並安裝客戶端證書:
-
在WGB上生成證書請求:
WGB(config)#crypto pki enroll CUT-PASTE % Start certificate enrollment .. % The subject name in the certificate will include: CN=WGB % Include the router serial number in the subject name? [yes/no]: no % Include an IP address in the subject name? [no]: no Display Certificate Request to terminal? [yes/no]: yes Certificate Request follows: MIIBjzCB+QIBADAvMQwwCgYDVQQDEwNXR0IxHzAdBgkqhkiG9w0BCQIWEFdHQi5j Y2lld2lmaS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMuyZ0Y/xI3O 6Pwch3qA/JoBobYcvKHlc0B0qvqPgCmZgNb8nsFDV8ZFQKb3ySdIxlqOGtrn/Yoh 2LHzRKi+AWQHFGAB2vkFD0SJD8A6+YD/GqEdXGoo/e0eqJ7LgFq0wpUQoYlPxsPn QUcK9ZDwd8EZNYdxU/jBtLG9MLX4gta9AgMBAAGgITAfBgkqhkiG9w0BCQ4xEjAQ MA4GA1UdDwEB/wQEAwIFoDANBgkqhkiG9w0BAQQFAAOBgQAsCItCKRtu16JmG4rz cDROO1QdmNYDuwkswHRgSHDMjVvBmoqA2bKeNsTj+svuX5S/Q2cGbzC6OLN/ftQ7 fw+RcKKm8+SpaEnU3eYGs3HhY7W9L4MY4JkY8I89ah15/V82SoIAOfCJDy5BvBP6 hk7GAPbMYkW9wJaNruVEvkYoLQ== ---End - This line not part of the certificate request--- Redisplay enrollment request? [yes/no]: no WGB(config)#
-
使用之前收集的輸出向CA請求客戶端/使用者證書。使用具有訪問CA許可權的PC,並使用此方法請求使用者證書:
-
瀏覽到CA:http://ip.of.CA.server/certsrv
-
選擇「Request a certificate」選項。
-
選擇「advanced certificate request」選項。
-
選擇「Submit a certificate request by using a base-64-encoded CMC or PKCS #10 files or submit a renewal request by using a base-64-encoded PKCS #7 file」選項。
-
將之前使用的「crypto pki enroll」命令生成的IOS貼上到證書請求中,然後僅提交該請求。
-
最後,僅以「Base 64 encoded」格式下載證書。
注意:您需要確保證書是為WGB實際生成的,主體具有「WGB」(您向WGB提供的使用者名稱)作為CN。
-
-
在WGB上安裝使用者證書:
WGB(config)#crypto pki import CUT-PASTE certificate Enter the base 64 encoded certificate. End with a blank line or the word "quit" on a line by itself現在,從上一步下載的.cer檔案中貼上文本。
-----BEGIN CERTIFICATE----- [ ... ] -----END CERTIFICATE----- % Router Certificate successfully imported
-
-
從WGB CLI驗證認證:
WGB#show crypto pki certificates Certificate Status: Available Certificate Serial Number: 1379B07200000000000C Certificate Usage: General Purpose Issuer: cn=AARONLAB Subject: Name: WGB cn=WGB CRL Distribution Points: http://wcswin/CertEnroll/AARONLAB.crl Validity Date: start date: 11:33:09 MST Mar 3 2008 end date: 11:43:09 MST Mar 3 2009 Associated Trustpoints: COPY-PASTE CA Certificate Status: Available Certificate Serial Number: 612683248DBA539B44B039BD51CD1D48 Certificate Usage: Signature Issuer: cn=AARONLAB Subject: cn=AARONLAB CRL Distribution Points: http://wcswin/CertEnroll/AARONLAB.crl Validity Date: start date: 16:34:48 MST Feb 28 2008 end date: 16:41:25 MST Feb 28 2018 Associated Trustpoints: COPY-PASTE
根據需要配置WGB SSID、請求方和無線電
請完成以下步驟:
-
配置SSID。這應該與上一步驟中WLC上配置的SSID相符:
dot11 ssid EAPTLS authentication network-eap eap_methods authentication key-management wpa version 1 dot1x credentials EAPTLS dot1x eap profile EAPTLS infrastructure-ssid
-
配置EAP-TLS請求方。使用者名稱必須與信任點上的CN和ACS中的使用者名稱條目匹配。
eap profile EAPTLS method tls ! dot1x credentials EAPTLS username WGB pki-trustpoint CUT-PASTE
-
根據需要配置無線電介面。在本示例中,使用2.4 GHz射頻(Dot11Radio0)。
interface Dot11Radio0 encryption mode ciphers aes-ccm tkip ssid EAPTLS ! packet retries 128 drop-packet station-role workgroup-bridge
註:由於packet retries 128 drop-packet,只要可以,WGB就會保持與其根AP的關聯,因此這是適用於不移動WGB的配置。對於物理漫遊的WGB,可以使用以下配置,以實施越來越積極的漫遊:
packet retries 128
附註:或
packet retries 128 mobile station period 5 threshold 82 (tune the mobile station command as needed for a specialized application)
配置被動客戶端的條目(如有必要)
例如,如果一個或多個「被動使用者端」位於WGB之後(例如具有靜態IP位址且不會持續傳輸未經請求的IP資料的有線裝置),則需要採取特殊步驟以確保WGB和CUWN可以找到這些使用者端。在本範例中,使用者端的IP位址為10.0.47.66,MAC位址為0040.96b4.7e8f。
完成以下步驟即可使用此方法:
-
在WGB上為客戶端配置靜態網橋條目:
B(config)#bridge 1 address 0040.96b4.7e8f forward fastethernet0
-
在WLC上設定靜態MAC到IP位址對應:
-
配置WLAN以啟用MAC過濾、AAA覆蓋以及不要求DHCP:
(Cisco Controller) >show wlan summary !--- Make a note of the WLAN ID for the SSID used for EAP-TLS. (Cisco Controller) >config wlan disable 6 (Cisco Controller) >config wlan mac-filtering enable 6 (Cisco Controller) >config wlan aaa-override enable 6 (Cisco Controller) >config wlan dhcp_server 6 0.0.0.0 !--- Do not have DHCP required checked.
-
為每個客戶端新增MAC過濾器(MAC到IP對映):
(Cisco Controller) >config macfilter add 0040.96b4.7e8f 6 management "client1" 10.0.47.66
-
使用802.11a(5 GHz)時的特別說明
由於802.11a支援的通道數比802.11b/g(2.4 GHz)多得多,因此WGB掃描所有可用通道所需的時間可能會長得多。因此,當您在5 GHz內漫遊時,或在與根AP發生連線問題後,中斷可能會持續幾秒。此外,如果使用DFS通道,通道掃描可能需要更長的時間,並且可能會在DFS雷達檢測事件之後發生短暫的中斷。
因此,如果您使用802.11a,建議您避免使用DFS通道(例如,在FCC域中),並僅使用UNII-1和UNII-3波段。WGB的Dot11Radio1介面也應配置為僅掃描覆蓋區域中正在使用的通道。例如:
WGB(config-if)#mobile station scan 36 40 44 48 149 153 157
組態
以下是使用Cisco IOS軟體版本12.4(10b)JA2、使用WPA1-TKIP、2.4 GHz的AP1242的WGB組態範例。
注意:由於空間限制,此配置的某些行已移至第二行。
version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname WGB ! logging buffered 200000 debugging enable secret 5 $1$xPtX$hjxzdWVR9qa4ykoxLYba91 ! no aaa new-model clock timezone MST -7 ! ! ! dot11 ssid EAPTLS authentication network-eap eap_methods authentication key-management wpa version 1 dot1x credentials EAPTLS dot1x eap profile EAPTLS infrastructure-ssid ! power inline negotiation prestandard source eap profile EAPTLS method tls ! ! crypto pki trustpoint COPY-PASTE enrollment terminal subject-name CN=WGB revocation-check none rsakeypair manual-keys 1024 ! ! crypto pki certificate chain COPY-PASTE certificate 1379B07200000000000C [...] quit certificate ca 612683248DBA539B44B039BD51CD1D48 [...] quit dot1x credentials EAPTLS username WGB pki-trustpoint COPY-PASTE ! username Cisco password 0 Cisco ! bridge irb ! ! interface Dot11Radio0 no ip address no ip route-cache ! encryption mode ciphers tkip ! ssid EAPTLS ! packet retries 128 drop-packet station-role workgroup-bridge no dot11 qos mode bridge-group 1 bridge-group 1 spanning-disabled ! interface Dot11Radio1 no ip address no ip route-cache shutdown ! station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto bridge-group 1 bridge-group 1 spanning-disabled ! interface BVI1 ip address dhcp client-id FastEthernet0 no ip route-cache ! ip http server no ip http secure-server ip http help-path bridge 1 route ip ! ! ! line con 0 line vty 0 4 login local ! sntp server 10.0.47.1 end |
同步Cisco IOS請求者的時鐘並將其時間儲存到NVRAM(適用於使用Cisco IOS軟體版本12.4(21a)JY的系統)
如果Cisco IOS裝置的請求方配置為對其網路連線執行基於證書的身份驗證,則該裝置(下文稱為Supplicant)可能無法連線到網路,除非採取這些步驟。
為了確保請求方在重新載入後但在連線到網路之前大致知道當前時間,以便驗證伺服器的證書,您必須配置請求方從NTP伺服器獲取時間,並將時間寫入其NVRAM。這是執行Cisco IOS軟體版本12.4(21a)JY的任何系統的要求。
請完成以下步驟:
-
配置請求方,使其時間與已知良好的NTP伺服器(請求方可以訪問網路)同步,並將其時間儲存到其NVRAM中。
示例1.1(在具有SNTP且沒有硬體日曆的系統上):
Supp(config)#sntp server 10.0.47.1 Supp(config)#clock save interval 8 Supp(config)#end Supp#write memory
示例1.2(在具有NTP和硬體日曆的系統上):
Supp(config)#ntp server 10.0.47.1 iburst Supp(config)#ntp update-calendar Supp(config)#end Supp#write memory
-
確保請求方具有與NTP伺服器的網路連線並同步其時間。
範例 2.1:
Supp#show sntp SNTP server Stratum Version Last Receive 10.0.47.1 3 1 00:00:09 Synced
範例 2.2:
Supp#show ntp status Clock is synchronized, stratum 4, reference is 10.95.42.129 [ ... ]
-
確保將正確的時間儲存到請求方的硬體日曆中(如果有的話),或者儲存到NVRAM中(如果沒有)。
示例3.1.在沒有硬體日曆的系統上:
重新載入Supplicant客戶端,確保時間儲存到NVRAM。重新載入後,驗證時間是否大致正確,即使NTP伺服器不可用:
Supp#show clock detail *08:24:30.103 -0700 Thu Apr 15 2010 No time source
示例3.2.在具有硬體日曆的系統上:
將當前正確的時間寫入硬體日曆:
Supp#clock update-calendar
驗證日曆是否正確:
Supp#show calendar
驗證
使用本節內容,確認您的組態是否正常運作。
輸出直譯器工具(僅供已註冊客戶使用)(OIT)支援某些show命令。使用OIT檢視show命令輸出的分析。
檢驗WGB連線。
在WLC上,WGB的無線MAC地址應顯示為關聯客戶端。例如:
(Cisco Controller) >show client summary
Number of Clients................................ 5
MAC Address AP Name Status WLAN/ Auth Protocol Port Wired
Guest-Lan
----------------- --------------- ---------- --------- ---- -------- ---- -----
00:00:39:dd:4d:24 AP0019.e802.3034 Associated 6 Yes N/A 4 No
00:0e:9b:cb:d3:9c AP0019.e802.3034 Associated 1 No 802.11b 4 No
00:16:6f:50:e1:25 AP0019.e802.3034 Probing N/A No 802.11b 4 No
00:19:56:b0:7e:b6 AP0019.e802.3034 Associated 6 Yes 802.11b 4 No
00:40:96:b4:7e:8f AP0019.e802.3034 Associated 6 Yes N/A 4 No
Use "show client detail <MAC>" to see more information on the WGB:
(Cisco Controller) >show client detail 00:19:56:b0:7e:b6
Client MAC Address............................... 00:19:56:b0:7e:b6
Client Username ................................. WGB
AP MAC Address................................... 00:19:a9:42:e4:10
Client State..................................... Associated
Workgroup Bridge................................. 2 client(s)
Wireless LAN Id.................................. 6
BSSID............................................ 00:19:a9:42:e4:15
Channel.......................................... 1
IP Address....................................... 10.0.47.23
在WGB上,可以使用show dot11 associations和show dot11 associations all-clients命令檢視有關與AP關聯的更多詳細資訊。使用ping w.x.y.z命令對WGB的預設網關執行ping。
檢驗WGB的客戶端連線。
在WGB上,可以使用show bridge 1 fastethernet0命令檢視通過FastEthernet0介面獲知的地址:
WGB.Cisco.COM#show bridge 1 fastethernet0
Total of 300 station blocks, 292 free
Codes: P - permanent, S - self
Bridge Group 1:
Address Action Interface Age RX count TX count
0000.39dd.4d24 forward FastEthernet0 1 328 71
0040.96b4.7e8f forward FastEthernet0 P 0 352
On the WLC, the WGB's wired clients will show up as associated clients with
protocol "N/A":
(Cisco Controller) >show client summary
Number of Clients................................ 5
MAC Address AP Name Status WLAN/ Auth Protocol Port Wired
Guest-Lan
----------------- --------------- ---------- --------- ---- -------- ---- -----
00:00:39:dd:4d:24 AP0019.e802.3034 Associated Yes N/A 4 No
00:0e:9b:cb:d3:9c AP0019.e802.3034 Associated 1 No 802.11b 4 No
00:16:6f:50:e1:25 AP0019.e802.3034 Probing N/A No 802.11b 4 No
00:19:56:b0:7e:b6 AP0019.e802.3034 Associated 6 Yes 802.11b 4 No
00:40:96:b4:7e:8f AP0019.e802.3034 Associated 6 Yes N/A 4 No
(Cisco Controller) >show client detail 00:00:39:dd:4d:24
Client MAC Address.............................. 00:00:39:dd:4d:24
Client Username ................................ N/A
AP MAC Address.................................. 00:19:a9:42:e4:10
Client State.................................... Associated
Workgroup Bridge Client......................... WGB: 00:19:56:b0:7e:b6
Wireless LAN Id................................. 6
BSSID........................................... 00:19:a9:42:e4:15
Channel......................................... 1
疑難排解
本節提供的資訊可用於對組態進行疑難排解。
疑難排解指令
輸出直譯器工具(僅供已註冊客戶使用)(OIT)支援某些show命令。使用OIT檢視show命令輸出的分析。
附註:使用 debug 指令之前,請先參閱有關 Debug 指令的重要資訊。
調試示例
WGB端示例
在WGB上,此範例假設為2.4 GHz;如果使用5 GHz,請指定Dot11Radio1而不是Dot11Radio0。
WGB#no debug dot11 dot11radio0 print printf !--- This runs the radio debugs through !--- the standard Cisco IOS logger. WGB#debug dot11 dot11radio0 trace print mgmt uplink !--- radio driver debugs: 802.11 management frames !--- and uplink events WGB#debug dot11 supp-sm-dot1x !--- interface to the 802.1X supplicant
以下是上一個組態中提供的正常關聯的範例:
| WGB端示例 |
|---|
Mar 4 23:22:39.427: 108DD0BF-0 Uplink: Enabling active scan
Mar 4 23:22:39.427: 108DD0D0-0 Uplink: Not busy, scan all channels
Mar 4 23:22:39.427: 108DD0DE-0 Uplink: Scanning
Mar 4 23:22:39.430: 108DDF83-0 Uplink: Rcvd response from 0019.a942.e415
channel 1 3237
!--- WGB scans the 2.4 GHz channels, !--- found an AP on channel 1.
Mar 4 23:22:39.470: 108E7B31-0 Uplink: dot11_uplink_scan_done: ssnie_accept
returns 0x0 key_mgmt 0x50F201 encrypt_type 0x20
Mar 4 23:22:39.470: 108E7B67-0 Uplink: ssid EAPTLS auth leap
Mar 4 23:22:39.471: 108E7B77-0 Uplink: try 0019.a942.e415, enc 20 key 1,
priv 1, eap 11
Mar 4 23:22:39.471: 108E7B93-0 Uplink: Authenticating
Mar 4 23:22:39.479: 108E9C71 t 1 0 - B000 13A 42E415 B07EB6 42E415 D9E0
auth l 6
algorithm 128
sequence 1
status 0
Mar 4 23:22:39.480: 108EA160 r 1 73/ 26- B000 13A B07EB6 42E415 42E415 5E70
auth l 37
algorithm 128
sequence 2
status 0
221 - 0 40 96 C 1 A 22 79 95 1A 7C 18 1 0 0 CA 4 0 0 0 0 74 52 EA
31 F4 9E 89 5A
!--- WGB completes 802.11 authentication.
Mar 4 23:22:39.480: 108EA1EB-0 Uplink: Associating
Mar 4 23:22:39.481: 108EA951 t 1 0 - 0000 13A 42E415 B07EB6 42E415 D9F0
assreq l 119
cap 431 infra privacy shorthdr
listen interval 200
ssid EAPTLS
rates 82 84 8B C 12 96 18 24
extrates 30 48 60 6C
aironet WGB.Cisco.COM load 0 clients 0 hops 0 device 7C-2700
refresh 15 CW 0-0 flags 0 distance 0
ccxver 5
221 - 0 40 96 14 0
IP 10.0.47.23 1
wpa1 mcst tkip ucst tkip keymgmt wpa cap 2800
221 - 0 40 96 6 2
Mar 4 23:22:39.484: 108EB2C6 r 1 80/77 19- 1000 13A B07EB6 42E415 42E415
5E80 assrsp l 101
cap 31 infra privacy shorthdr
status 0
aid C003
rates 82 4 B 16
aironet AP0019.e802.303 load 0 clients 0 hops 0 device 8F-2700
refresh 15 CW 31-1023 flags 40 distance 0
IP 10.0.47.6 0
ccxver 5
221 - 0 40 96 14 0
221 - 0 40 96 C 1 A 22 7E 95 1A 7C 18 1 0 0 CB 4 0 0 0 0 FB 4C F3 7D D
29 71 E2
!--- WGB completes 802.11 association.
Mar 4 23:22:39.486: Uplink address set to 0019.a942.e415
Mar 4 23:22:39.486: Initialising common IOS structures for dot1x
Mar 4 23:22:39.486: Done.
Mar 4 23:22:39.486: DOT1X_SHIM: Start supplicant on Dot11Radio0
(credentials EAPTLS)
Mar 4 23:22:39.486: DOT1X_SHIM: Starting dot1x_mgr_auth (auth type 128)
Mar 4 23:22:39.486: DOT1X_SHIM: Initialising WPA [or WPA-PSK or CCKM]
key management module
!--- Starting the EAP-TLS supplicant
Mar 4 23:22:39.488: DOT1X_SHIM: Dot1x pkt sent (uplink)
with dest 0019.a942.e415
Mar 4 23:22:39.489: DOT1X_SHIM: No AAA client found for 0019.a942.e415
(on Dot11Radio0)
Mar 4 23:22:39.489: DOT1X_SHIM: Dot1x pkt sent (uplink)
with dest 0019.a942.e415
Mar 4 23:22:39.490: DOT1X_SHIM: No AAA client found for 0019.a942.e415
(on Dot11Radio0)
!--- The "No AAA client found" message appears !--- to be a bogon and can be ignored.
Mar 4 23:22:39.491: DOT1X_SHIM: Dot1x pkt sent (uplink)
with dest 0019.a942.e415
Mar 4 23:22:39.491: 108EB9B4-0 Uplink: EAP authenticating
Mar 4 23:22:39.491: 108EBD22 r 11 73/ 4 - 0802 13A B07EB6 42E415 42E415
5E90 l64
0100 0034 0101 0034 0100 6E65 7477 6F72 6B69 643D 4541 5054 4C53 2C6E
6173 6964 3D74 7563 736F 6E2D 776C 6332 3030 362C 706F 7274 6964 3D34 0000
Mar 4 23:22:39.492: 108EC770 t 11 0 - 0801 13A 42E415 B07EB6 42E415
DA00 l68
EAPOL2 EAPOL start
Mar 4 23:22:39.492: 108ECA4D r 11 74/ 18- 0802 13A B07EB6 42E415 42E415
5EA0 l64
0100 0034 0102 0034 0100 6E65 7477 6F72 6B69 643D 4541 5054 4C53 2C6E
6173 6964 3D74 7563 736F 6E2D 776C 6332 3030 362C 706F 7274 6964 3D34 0000
Mar 4 23:22:39.492: 108ECDE2 t 11 0 - 0801 13A 42E415 B07EB6 42E415
DA10 l68
EAPOL2 EAP id 1 resp ident "WGB"
Mar 4 23:22:39.493: 108ED000 t 11 0 - 0801 13A 42E415 B07EB6 42E415
DA20 l68
EAPOL2 EAP id 2 resp ident "WGB"
Mar 4 23:22:39.524: 108F50C4 r 11 74/ 18- 080A 13A B07EB6 42E415 42E415
5EC0 l31
0100 0013 01AF 0013 1101 0008 E23F 829E AE45 57EB 5747 4200 0000 0000
0000 00
!--- The WGB sends an EAPOL START, !--- the WLC authenticator sends an EAP ID Request, !--- and the WGB responds with an EAP ID response.
Mar 4 23:22:39.525: DOT1X_SHIM: No AAA client found for 0019.a942.e415
(on Dot11Radio0)
Mar 4 23:22:39.525: DOT1X_SHIM: Dot1x pkt sent (uplink)
with dest 0019.a942.e415
Mar 4 23:22:39.526: 108F57D0 t 11 0 - 0801 13A 42E415 B07EB6 42E415
DA30 l68
EAPOL2 EAP id 175 resp nak 0D
Mar 4 23:22:39.547: 108FA89C r 11 86/77 19- 080A 13A B07EB6 42E415 42E415
5ED0 l18
0100 0006 01B0 0006 0D20 0000 0000 0000 0000
Mar 4 23:22:39.547: DOT1X_SHIM: No AAA client found for 0019.a942.e415
(on Dot11Radio0)
Mar 4 23:22:39.561: DOT1X_SHIM: Dot1x pkt sent (uplink)
with dest 0019.a942.e415
Mar 4 23:22:39.561: 108FE059 t 11 0 - 0801 13A 42E415 B07EB6 42E415
DA40 l86
EAPOL2 EAP id 176 resp tls 8000 0000 3216 0301 002D 0100 0029 0301 47CD
D9BF CE1B 71B1 A815 CB99 8C80 8876 39F2 57A3 0F02 F382 147E 9D0C 657E 3AA7
Mar 4 23:22:39.572: DOT1X_SHIM: No AAA client found for 0019.a942.e415
(on Dot11Radio0)
Mar 4 23:22:39.573: DOT1X_SHIM: Dot1x pkt sent (uplink)
with dest 0019.a942.e415
Mar 4 23:22:39.573: 10900868 r 11 86/77 20- 0802 13A B07EB6 42E415 42E415
5EF0 l1024
0100 03F4 01B1 03F4 0DC0 0000 079D 1603 0100 4A02 0000 4603 0147 CDD9
B413 0683 9734 4D26 136F EC8F ECD3 5D3B 77C7 4D20 7DA1 9B17 D7D3 E4A6 1720
Mar 4 23:22:39.574: 109012E6 t 11 1 - 0809 13A 42E415 B07EB6 42E415
DA50 l68
EAPOL2 EAP id 177 resp tls 00
Mar 4 23:22:39.582: DOT1X_SHIM: No AAA client found for 0019.a942.e415
(on Dot11Radio0)
Mar 4 23:22:39.734: DOT1X_SHIM: Dot1x pkt sent (uplink)
with dest 0019.a942.e415
Mar 4 23:22:39.735: 1090317E r 11 /78 19- 0802 13A B07EB6 42E415 42E415
5F00 l965
0100 03B9 01B2 03B9 0D00 C687 1DB6 065B 2467 2609 EE5F 9C64 F3A9 C199
493E 2B79 F157 1765 6C2F C409 4D54 7DA4 6791 4859 ECAA 685B 0F66 C5E9 22A6
Mar 4 23:22:39.736: 10928A31 t 11 0 - 0801 13A 42E415 B07EB6 42E415
DA60 l1239
EAPOL2 EAP id 178 resp tls 8000 0004 B316 0301 036D 0B00 0369 0003 6600
0363 3082 035F 3082 0247 A003 0201 0202 0A13 79B0 7200 0000 0000 0C30 0D06
Mar 4 23:22:39.755: 1092D464 r 11 /78 18- 0802 13A B07EB6 42E415
42E415 5F40 l65
0100 0035 01B3 0035 0D80 0000 002B 1403 0100 0101 1603 0100 20B8 EBFA
2DDB 2E1A BF84 37A8 892C 84C5 50B2 B1A5 6F3E B2B5 981A 2899 1DE2 B470 6800
Mar 4 23:22:39.755: DOT1X_SHIM: No AAA client found for 0019.a942.e415
(on Dot11Radio0)
Mar 4 23:22:39.760: DOT1X_SHIM: Dot1x pkt sent (uplink)
with dest 0019.a942.e415
Mar 4 23:22:39.760: 1092E92C t 11 0 - 0801 13A 42E415 B07EB6 42E415
DA70 l68
EAPOL2 EAP id 179 resp tls 00
Mar 4 23:22:39.770: 10930F50 r 11 75/80 19- 0802 13A B07EB6 42E415 42E415
5F60 l16
0100 0004 03B3 0004 0000 0000 0000 0000
Mar 4 23:22:39.770: DOT1X_SHIM: No AAA client found for 0019.a942.e415
(on Dot11Radio0)
Mar 4 23:22:39.774: DOT1X_SHIM: Received Dot1x success - Authenticated
with EAP-TLS
!--- EAP-TLS authentication is successful, !--- now come the keys.
Mar 4 23:22:39.774: DOT1X_SHIM: treat key material as wpa-v1 v2 pmk
Mar 4 23:22:39.774: DOT1X_SHIM: WPA PMK key size truncated from 64 to 32
Mar 4 23:22:39.777: DOT1X_SHIM: Got Eapol key packet from dot1x manager
Mar 4 23:22:39.777: DOT1X_SHIM: Passing key packet to KM module
Mar 4 23:22:39.777: supp_km_processKey: descriptor type = 254
Mar 4 23:22:39.777: supp_km_processKey: key length = 137
Mar 4 23:22:39.778: 109319B7 r 11 /77 16- 080A 13A B07EB6 42E415 42E415
5F70 l107
0103 005F FE00 8900 2000 0000 0000 0000 006E 64D0 C659 1C91 11D2 6040
C251 0592 E6B6 3799 0EDE B1BD B3A6 87B7 8C9B 0D5E DF00 0000 0000 0000 0000
Mar 4 23:22:39.779: 109332C2 t 11 1 - 0809 13A 42E415 B07EB6 42E415
DA80 l133
EAPOL key desc FE info 109 len 20 replay 0000000000000000
nonce 11AADA303F5F9B2357A932B3093483905E69F8408D019FB2EF56F7AD706F0759
iv 00000000000000000000000000000000 rsc 0000000000000000
id 0000000000000000 mic DBD06C383B83E3478F802844095E9444
datalen 1A key DD18 0050 F201 0100 0050 F202 0100 0050 F202 0100
0050 F201
2800
Mar 4 23:22:39.780: 109336C1 r 11 83/78 18- 0802 13A B07EB6 42E415 42E415
5F80 l133
0103 0079 FE01 C900 2000 0000 0000 0000 016E 64D0 C659 1C91 11D2 6040
C251 0592 E6B6 3799 0EDE B1BD B3A6 87B7 8C9B 0D5E DF6E 64D0 C659 1C91 11D2
Mar 4 23:22:39.781: DOT1X_SHIM: Got Eapol key packet from dot1x manager
Mar 4 23:22:39.781: DOT1X_SHIM: Passing key packet to KM module
Mar 4 23:22:39.781: supp_km_processKey: descriptor type = 254
Mar 4 23:22:39.781: supp_km_processKey: key length = 457
Mar 4 23:22:39.781: dot1x_pakio_plumb_keys: trying to plumb PTK key
Mar 4 23:22:39.782: 10933E11 t 11 0 - 0801 13A 42E415 B07EB6 42E415
DA90 l107
EAPOL key desc FE info 109 len 20 replay 0000000000000001
nonce 0000000000000000000000000000000000000000000000000000000000000000
iv 00000000000000000000000000000000 rsc 0000000000000000
id 0000000000000000 mic 3A59680D1130EC24B00F7246F9D0738F
datalen 0 key
Mar 4 23:22:39.785: 10934749 r 11 88/77 17- 0842 13A B07EB6 42E415 42E415
5F90 l155
IV 0103007F-FE039100 2000 0000 0000 0000 026E 64D0 C659 1C91 11D2 6040
C251 0592 E6B6 3799 0EDE B1BD B3A6 87B7 8C9B 0D5E D76E 64D0 C659 1C91 11D2
Mar 4 23:22:39.785: DOT1X_SHIM: Got Eapol key packet from dot1x manager
Mar 4 23:22:39.785: DOT1X_SHIM: Passing key packet to KM module
Mar 4 23:22:39.785: supp_km_processKey: descriptor type = 254
Mar 4 23:22:39.785: supp_km_processKey: key length = 913
Mar 4 23:22:39.786: dot1x_pakio_plumb_keys: trying to plumb vlan
key - length: 32
Mar 4 23:22:39.787: %DOT11-4-UPLINK_ESTABLISHED: Interface Dot11Radio0,
Associated To AP AP0019.e802.303 0019.a942.e415 [EAP-TLS WPA]
Mar 4 23:22:39.787: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
Mar 4 23:22:39.789: 10934D63-0 Uplink: Done
Mar 4 23:22:39.789: 10934D94-0 Interface up
Mar 4 23:22:39.790: 10934ED7 t 11 0 - 0841 13A 42E415 B07EB6 42E415
DAA0 l115
EAPOL key desc FE info 311 len 0 replay 0000000000000002
nonce 0000000000000000000000000000000000000000000000000000000000000000
iv 00000000000000000000000000000000 rsc 0000000000000000
id 0000000000000000 mic DA60CCDAE27E7362B9B720B52715E081
datalen 0 key
!--- The keys are all distributed, !--- and the Dot11Radio0 interface is fully up.
|
WLC端偵錯
| WLC端範例 |
|---|
(Cisco Controller) >debug mac addr
00:19:56:b0:7e:b6
!--- Filter debugs on the radio !--- MAC address of the WGB.
(Cisco Controller) >debug dot11 state enable
(Cisco Controller) >debug dot1x events enable
(Cisco Controller) >debug dot1x states enable
(Cisco Controller) >debug pem events enable
(Cisco Controller) >debug pem state enable
(Cisco Controller) >debug aaa packet enable
(Cisco Controller) >debuug aaa events enable
(Cisco Controller) >debug aaa events enable
Tue Mar 4 16:45:56 2008: 00:19:56:b0:7e:b6 Processing WPA IE type 221,
length 24 for mobile 00:19:56:b0:7e:b6
Tue Mar 4 16:45:56 2008: 00:19:56:b0:7e:b6 10.0.47.23 RUN (20)
Change state to START (0) last state RUN (20)
Tue Mar 4 16:45:56 2008: 00:19:56:b0:7e:b6 10.0.47.23 START (0)
Initializing policy
Tue Mar 4 16:45:56 2008: 00:19:56:b0:7e:b6 10.0.47.23 START (0)
Change state to AUTHCHECK (2) last state RUN (20)
Tue Mar 4 16:45:56 2008: 00:19:56:b0:7e:b6 10.0.47.23 AUTHCHECK (2)
Change state to 8021X_REQD (3) last state RUN (20)
Tue Mar 4 16:45:56 2008: 00:19:56:b0:7e:b6 10.0.47.23 8021X_REQD (3)
Plumbed mobile LWAPP rule on AP 00:19:a9:42:e4:10
Tue Mar 4 16:45:56 2008: 00:19:56:b0:7e:b6 apfPemAddUser2 (apf_policy.c:209)
Changing state for mobile 00:19:56:b0:7e:b6 on
AP 00:19:a9:42:e4:10 from Associated to Associated
Tue Mar 4 16:45:56 2008: 00:19:56:b0:7e:b6 apfProcessAssocReq (apf_80211.c:4149)
Changing state for mobile 00:19:56:b0:7e:b6 on
AP 00:19:a9:42:e4:10 from Associated to Associated
!--- WGB is associated in 802.11. !--- Note in this case that the WGB associated !--- when it was already associated.
Tue Mar 4 16:45:56 2008: 00:19:56:b0:7e:b6 dot1x - moving
mobile 00:19:56:b0:7e:b6 into Connecting state
Tue Mar 4 16:45:56 2008: 00:19:56:b0:7e:b6 Sending EAP-Request/Identity to
mobile 00:19:56:b0:7e:b6 (EAP Id 1)
Tue Mar 4 16:45:56 2008: 00:19:56:b0:7e:b6 10.0.47.23 Removed NPU entry.
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Received EAPOL START from
mobile 00:19:56:b0:7e:b6
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 dot1x - moving
mobile 00:19:56:b0:7e:b6 into Connecting state
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Sending EAP-Request/Identity to
mobile 00:19:56:b0:7e:b6 (EAP Id 2)
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Received EAPOL EAPPKT from
mobile 00:19:56:b0:7e:b6
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Received EAP Response packet with
mismatching id (currentid=2, eapid=1) from mobile
00:19:56:b0:7e:b6
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Received EAPOL EAPPKT from
mobile 00:19:56:b0:7e:b6
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Received Identity Response (count=2) from
mobile 00:19:56:b0:7e:b6
!--- WGB sends EAPOL START while !--- WLC sends its EAP ID-request, !--- which confuses the state machines for a moment, !--- but eventually we get on track, and the WLC !--- gets its ID-response from the WGB supplicant.
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 EAP State update from Connecting to
Authenticating for mobile 00:19:56:b0:7e:b6
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 dot1x - moving mobile
00:19:56:b0:7e:b6 into Authenticating state
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Entering Backend Auth Response
state for mobile 00:19:56:b0:7e:b6
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Successful transmission of
Authentication Packet (id 17) to 10.0.47.42:1812,
proxy state 00:19:56:b0:7e:b6-00:00
Tue Mar 4 16:45:59 2008: 00000000: 01 11 00 9c 85 82 35 15
62 0f 50 bd 32 60 0c e6 ......5.b.P.2`..
Tue Mar 4 16:45:59 2008: 00000010: de 94 b2 40 01 05 57 47
42 1f 13 30 30 2d 31 39 ...@..WGB..00-19
Tue Mar 4 16:45:59 2008: 00000020: 2d 35 36 2d 42 30 2d 37
45 2d 42 36 1e 1a 30 30 -56-B0-7E-B6..00
Tue Mar 4 16:45:59 2008: 00000030: 2d 31 39 2d 41 39 2d 34
32 2d 45 34 2d 31 30 3a -19-A9-42-E4-10:
Tue Mar 4 16:45:59 2008: 00000040: 45 41 50 54 4c 53 05 06
00 00 00 04 04 06 0a 00 EAPTLS..........
Tue Mar 4 16:45:59 2008: 00000050: 2f 06 20 10 74 75 63 73
6f 6e 2d 77 6c 63 32 30 /...tucson-wlc20
Tue Mar 4 16:45:59 2008: 00000060: 30 36 1a 0c 00 00 37 63
01 06 00 00 00 06 06 06 06....7c........
Tue Mar 4 16:45:59 2008: 00000070: 00 00 00 02 0c 06 00 00
05 14 3d 06 00 00 00 13 ..........=.....
Tue Mar 4 16:45:59 2008: 00000080: 4f 0a 02 02 00 08 01 57
47 42 50 12 c5 f3 f5 9c O......WGBP.....
Tue Mar 4 16:45:59 2008: 00000090: c0 81 0e 3e 23 c0 a7 1b
03 f7 af 5b ...>#......[
Tue Mar 4 16:45:59 2008: 00000000: 0b 11 00 47 54 d3 b6 45
75 eb 83 b7 97 7c 80 1b ...GT..Eu....|..
Tue Mar 4 16:45:59 2008: 00000010: 13 03 71 1d 4f 15 01 b0
00 13 11 01 00 08 3d 17 ..q.O.........=.
Tue Mar 4 16:45:59 2008: 00000020: 4a 94 eb c7 3b 3e 57 47
42 18 0c 53 56 43 3d 30 J...;>WGB..SVC=0
Tue Mar 4 16:45:59 2008: 00000030: 2e 36 34 37 3b 50 12 67
50 d3 ad 88 7d 16 8b 5b .647;P.gP...}..[
Tue Mar 4 16:45:59 2008: 00000040: d1 25 57 56 b2 ec 76.%WV..v
Tue Mar 4 16:45:59 2008: ****Enter processIncomingMessages: response code=11
Tue Mar 4 16:45:59 2008: ****Enter processRadiusResponse: response code=11
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Access-Challenge received from
RADIUS server 10.0.47.42 for mobile 00:19:56:b0:7e:b6
receiveId = 7
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Processing Access-Challenge for
mobile 00:19:56:b0:7e:b6
!--- The WLC forwards the ID-request info, !--- that it had received !--- in 802.1X from the WGB supplicant, to the RADIUS server, !--- in a RADIUS Access-Request packet. !--- The RADIUS server responds with an Access-Challenge. !--- If there is a configuration problem with RADIUS, then either !--- the RADIUS server does not respond, or it responds !--- with a RADIUS Access-Reject. !--- If EAP-TLS goes well, there is much back and forth !--- between the EAP exchange on the wireless !--- link, and the RADIUS exchange between the WLC and ACS.
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Entering Backend Auth Req state
(id=176) for mobile 00:19:56:b0:7e:b6
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 WARNING: updated
EAP-Identifer 2 ===> 176 for STA 00:19:56:b0:7e:b6
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Sending EAP Request from AAA to
mobile 00:19:56:b0:7e:b6 (EAP Id 176)
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Received EAPOL EAPPKT from
mobile 00:19:56:b0:7e:b6
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Received EAP Response from
mobile 00:19:56:b0:7e:b6 (EAP Id 176, EAP Type 3)
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Entering Backend Auth Response
state for mobile 00:19:56:b0:7e:b6
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Successful transmission of
Authentication Packet (id 18) to 10.0.47.42:1812,
proxy state 00:19:56:b0:7e:b6-00:00
Tue Mar 4 16:45:59 2008: 00000000: 01 12 00 a6 d5 64 56 8a
e8 27 fa de ca 69 c4 2a .....dV..'...i.*
Tue Mar 4 16:45:59 2008: 00000010: cd 06 26 0c 01 05 57 47
42 1f 13 30 30 2d 31 39 ..&...WGB..00-19
Tue Mar 4 16:45:59 2008: 00000020: 2d 35 36 2d 42 30 2d 37
45 2d 42 36 1e 1a 30 30 -56-B0-7E-B6..00
Tue Mar 4 16:45:59 2008: 00000030: 2d 31 39 2d 41 39 2d 34
32 2d 45 34 2d 31 30 3a -19-A9-42-E4-10:
Tue Mar 4 16:45:59 2008: 00000040: 45 41 50 54 4c 53 05 06
00 00 00 04 04 06 0a 00 EAPTLS..........
Tue Mar 4 16:45:59 2008: 00000050: 2f 06 20 10 74 75 63 73
6f 6e 2d 77 6c 63 32 30 /...tucson-wlc20
Tue Mar 4 16:45:59 2008: 00000060: 30 36 1a 0c 00 00 37 63
01 06 00 00 00 06 06 06 06....7c........
Tue Mar 4 16:45:59 2008: 00000070: 00 00 00 02 0c 06 00 00
05 14 3d 06 00 00 00 13 ..........=.....
Tue Mar 4 16:45:59 2008: 00000080: 4f 08 02 b0 00 06 03 0d
18 0c 53 56 43 3d 30 2e O.........SVC=0.
Tue Mar 4 16:45:59 2008: 00000090: 36 34 37 3b 50 12 43 6e
32 b6 e9 11 a3 47 8e 96 647;P.Cn2....G..
Tue Mar 4 16:45:59 2008: 000000a0: dc f0 37 a8 37 9e..7.7.
Tue Mar 4 16:45:59 2008: 00000000: 0b 12 00 4b 71 7a 36 1d
d9 24 16 8d c0 2f 45 52 ...Kqz6..$.../ER
Tue Mar 4 16:45:59 2008: 00000010: 82 3d 58 cf 4f 08 01 b1
00 06 0d 20 18 1d 45 41 .=X.O.........EA
Tue Mar 4 16:45:59 2008: 00000020: 50 3d 30 2e 32 30 32 2e
32 37 65 61 2e 31 3b 53 P=0.202.27ea.1;S
Tue Mar 4 16:45:59 2008: 00000030: 56 43 3d 30 2e 36 34 37
3b 50 12 71 bf 1f 5c c7 VC=0.647;P.q..\.
Tue Mar 4 16:45:59 2008: 00000040: 69 7e e8 cc 9d 71 18 de
b7 e5 b7 i~...q.....
Tue Mar 4 16:45:59 2008: ****Enter processIncomingMessages: response code=11
Tue Mar 4 16:45:59 2008: ****Enter processRadiusResponse: response code=11
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Access-Challenge received from
RADIUS server 10.0.47.42 for mobile 00:19:56:b0:7e
:b6 receiveId = 7
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Processing Access-Challenge for
mobile 00:19:56:b0:7e:b6
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Entering Backend Auth Req state
(id=177) for mobile 00:19:56:b0:7e:b6
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Sending EAP Request from AAA to
mobile 00:19:56:b0:7e:b6 (EAP Id 177)
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Received EAPOL EAPPKT from
mobile 00:19:56:b0:7e:b6
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Received EAP Response from
mobile 00:19:56:b0:7e:b6 (EAP Id 177, EAP Type 13)
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Entering Backend Auth Response
state for mobile 00:19:56:b0:7e:b6
Tue Mar 4 16:45:59 2008: 00:19:56:b0:7e:b6 Successful transmission of
Authentication Packet (id 19) to 10.0.47.42:1812,
proxy state 00:19:56:b0:7e:b6-00:00
Tue Mar 4 16:45:59 2008: 00000000: 01 13 00 ed 30 a2 b8 d3
6c 6a e9 08 04 f9 b9 32 ....0...lj.....2
Tue Mar 4 16:45:59 2008: 00000010: 98 fe 36 62 01 05 57 47
42 1f 13 30 30 2d 31 39 ..6b..WGB..00-19
Tue Mar 4 16:45:59 2008: 00000020: 2d 35 36 2d 42 30 2d 37
45 2d 42 36 1e 1a 30 30 -56-B0-7E-B6..00
Tue Mar 4 16:45:59 2008: 00000030: 2d 31 39 2d 41 39 2d 34
32 2d 45 34 2d 31 30 3a -19-A9-42-E4-10:
Tue Mar 4 16:45:59 2008: 00000040: 45 41 50 54 4c 53 05 06
00 00 00 04 04 06 0a 00 EAPTLS..........
Tue Mar 4 16:45:59 2008: 00000050: 2f 06 20 10 74 75 63 73
6f 6e 2d 77 6c 63 32 30 /...tucson-wlc20
Tue Mar 4 16:45:59 2008: 00000060: 30 36 1a 0c 00 00 37 63
01 06 00 00 00 06 06 06 06....7c........
Tue Mar 4 16:45:59 2008: 00000070: 00 00 00 02 0c 06 00 00
05 14 3d 06 00 00 00 13 ..........=.....
Tue Mar 4 16:45:59 2008: 00000080: 4f 3e 02 b1 00 3c 0d 80
00 00 00 32 16 03 01 00 O>...<.....2....
Tue Mar 4 16:45:59 2008: 00000090: 2d 01 00 00 29 03 01 47
cd df 36 c4 bc 40 48 75 -...)..G..6..@Hu
Tue Mar 4 16:45:59 2008: 000000a0: f4 09 ea 60 0c 40 fc 99
a0 e7 11 15 00 7e ca 90 ...`.@.......~..
Tue Mar 4 16:45:59 2008: 000000b0: da 5a d3 39 45 be ca 00
00 02 00 04 01 00 18 1d .Z.9E...........
Tue Mar 4 16:45:59 2008: 000000c0: 45 41 50 3d 30 2e 32 30
32 2e 32 37 65 61 2e 31 EAP=0.202.27ea.1
Tue Mar 4 16:45:59 2008: 000000d0: 3b 53 56 43 3d 30 2e 36
34 37 3b 50 12 c0 6b 4c ;SVC=0.647;P..kL
Tue Mar 4 16:45:59 2008: 000000e0: 37 6c 1a 4f 58 89 18 2b
c4 0e 99 cd 0f 7l.OX..+.....
Tue Mar 4 16:45:59 2008: 00000000: 0b 13 04 3f 5d 80 89 e2
e7 3f b0 c4 4c 99 d2 bd ...?]....?..L...
Tue Mar 4 16:45:59 2008: 00000010: e5 e3 6e af 4f ff 01 b2
03 f4 0d c0 00 00 07 9d ..n.O...........
Tue Mar 4 16:45:59 2008: 00000020: 16 03 01 00 4a 02 00 00
46 03 01 47 cd df 2a f3 ....J...F..G..*.
Tue Mar 4 16:45:59 2008: 00000030: 19 0f 6f 52 2f a7 c3 00
d4 c8 f0 50 1c 8f 47 f4 ..oR/......P..G.
Tue Mar 4 16:45:59 2008: 00000040: 97 1b f2 a0 ca a9 f4 27
0c 34 32 20 d9 33 c4 27 .......'.42..3.'
Tue Mar 4 16:45:59 2008: 00000050: 81 91 e4 97 d7 a6 6b 03
58 1a 4a c8 6d 4a e7 ef ......k.X.J.mJ..
Tue Mar 4 16:45:59 2008: 00000060: 9d f8 fd ad c9 95 aa b5
3e f5 1b dc 00 04 00 16 ........>.......
Tue Mar 4 16:45:59 2008: 00000070: 03 01 07 37 0b 00 07 33
00 07 30 00 03 c2 30 82 ...7...3..0...0.
Tue Mar 4 16:45:59 2008: 00000080: 03 be 30 82 02 a6 a0 03
02 01 02 02 0a 61 0f c8 ..0..........a..
Tue Mar 4 16:45:59 2008: 00000090: d9 00 00 00 00 00 02 30
0d 06 09 2a 86 48 86 f7 .......0...*.H..
Tue Mar 4 16:45:59 2008: 000000a0: 0d 01 01 05 05 00 30 13
31 11 30 0f 06 03 55 04 ......0.1.0...U.
Tue Mar 4 16:45:59 2008: 000000b0: 03 13 08 41 41 52 4f 4e
4c 41 42 30 1e 17 0d 30 ...AARONLAB0...0
Tue Mar 4 16:45:59 2008: 000000c0: 38 30 32 32 39 30 30 30
32 35 30 5a 17 0d 30 39 80229000250Z..09
Tue Mar 4 16:45:59 2008: 000000d0: 30 32 32 38 30 30 31 32
35 30 5a 30 12 31 10 30 0228001250Z0.1.0
Tue Mar 4 16:45:59 2008: 000000e0: 0e 06 03 55 04 03 13 07
41 43 53 63 65 72 74 30 ...U....ACScert0
Tue Mar 4 16:45:59 2008: 000000f0: 81 9f 30 0d 06 09 2a 86
48 86 f7 0d 01 01 01 05 ..0...*.H.......
Tue Mar 4 16:45:59 2008: 00000100: 00 03 81 8d 00 30 81 89
02 81 81 00 e4 cb 25 a1 .....0........%.
Tue Mar 4 16:45:59 2008: 00000110: 96 3f df 4f ff 0d de 8a
89 6f 33 b1 b3 b9 fe 6e .?.O.....o3....n
Tue Mar 4 16:45:59 2008: 00000120: df 6a 01 cf 7f b4 44 5b
6b 4e 91 17 9c 88 d3 6c .j....D[kN.....l
Tue Mar 4 16:45:59 2008: 00000130: 1a 44 5e 1e e7 c1 c5 ae
c2 6f e7 ca 63 31 5f 3a .D^......o..c1_:
Tue Mar 4 16:45:59 2008: 00000140: cf a9 da 83 0e c8 94 93
35 2e c8 f1 21 b0 78 1c ........5...!.x.
Tue Mar 4 16:45:59 2008: 00000150: a1 ca f7 e9 40 a7 d1 7a
f1 85 d6 e9 36 46 51 a7 ....@..z....6FQ.
Tue Mar 4 16:45:59 2008: 00000160: a7 bf 70 db a7 47 da db
59 69 17 db 06 a3 7e b1 ..p..G..Yi....~.
Tue Mar 4 16:45:59 2008: 00000170: 3c e5 ad 39 7f ee 61 cd
ab 3e 0e 8a d5 c1 47 d4 <..9..a..>....G.
Tue Mar 4 16:45:59 2008: 00000180: 65 62 09 22 f4 75 c5 5b
b1 42 94 14 9f c7 02 03 eb.".u.[.B......
Tue Mar 4 16:45:59 2008: 00000190: 01 00 01 a3 82 01 97 30
82 01 93 30 0e 06 03 55 .......0...0...U
Tue Mar 4 16:45:59 2008: 000001a0: 1d 0f 01 01 ff 04 04 03
02 04 f0 30 44 06 09 2a ...........0D..*
Tue Mar 4 16:45:59 2008: 000001b0: 86 48 86 f7 0d 01 09 0f
04 37 30 35 30 0e 06 08 .H.......7050...
Tue Mar 4 16:45:59 2008: 000001c0: 2a 86 48 86 f7 0d 03 02
02 02 00 80 30 0e 06 08 *.H.........0...
Tue Mar 4 16:45:59 2008: 000001d0: 2a 86 48 86 f7 0d 03 04
02 02 00 80 30 07 06 05 *.H.........0...
Tue Mar 4 16:45:59 2008: 000001e0: 2b 0e 03 02 07 30 0a 06
08 2a 86 48 86 f7 0d 03 +....0...*.H....
Tue Mar 4 16:45:59 2008: 000001f0: 07 30 1d 06 03 55 1d 0e
04 16 04 14 b3 fe c9 de .0...U..........
Tue Mar 4 16:45:59 2008: 00000200: 52 60 44 c8 9a c2 4a c2
b4 fd 98 2c 8b 39 5a a6 R`D...J....,.9Z.
Tue Mar 4 16:45:59 2008: 00000210: 30 13 4f ff 06 03 55 1d
25 04 0c 30 0a 06 08 2b 0.O...U.%..0...+
Tue Mar 4 16:45:59 2008: 00000220: 06 01 05 05 07 03 01 30
1f 06 03 55 1d 23 04 18 .......0...U.#..
Tue Mar 4 16:45:59 2008: 00000230: 30 16 80 14 f0 a4 3a c2
cd f5 d4 c8 b4 5e ee 03 0.....:......^..
Tue Mar 4 16:45:59 2008: 00000240: 4f 83 79 b1 f2 d4 e0 19
30 5f 06 03 55 1d 1f 04 O.y.....0_..U...
Tue Mar 4 16:45:59 2008: 00000250: 58 30 56 30 54 a0 52 a0
50 86 25 68 74 74 70 3a X0V0T.R.P.%http:
Tue Mar 4 16:45:59 2008: 00000260: 2f 2f 77 63 73 77 69 6e
2f 43 65 72 74 45 6e 72 //wcswin/CertEnr
Tue Mar 4 16:46:00 2008: 00000270: 6f 6c 6c 2f 41 41 52 4f
4e 4c 41 42 2e 63 72 6c oll/AARONLAB.crl
Tue Mar 4 16:46:00 2008: 00000280: 86 27 66 69 6c 65 3a 2f
2f 5c 5c 77 63 73 77 69 .'file://\\wcswi
Tue Mar 4 16:46:00 2008: 00000290: 6e 5c 43 65 72 74 45 6e
72 6f 6c 6c 5c 41 41 52 n\CertEnroll\AAR
Tue Mar 4 16:46:00 2008: 000002a0: 4f 4e 4c 41 42 2e 63 72
6c 30 81 84 06 08 2b 06 ONLAB.crl0....+.
Tue Mar 4 16:46:00 2008: 000002b0: 01 05 05 07 01 01 04 78
30 76 30 38 06 08 2b 06 .......x0v08..+.
Tue Mar 4 16:46:00 2008: 000002c0: 01 05 05 07 30 02 86 2c
68 74 74 70 3a 2f 2f 77 ....0..,http://w
Tue Mar 4 16:46:00 2008: 000002d0: 63 73 77 69 6e 2f 43 65
72 74 45 6e 72 6f 6c 6c cswin/CertEnroll
Tue Mar 4 16:46:00 2008: 000002e0: 2f 77 63 73 77 69 6e 5f
41 41 52 4f 4e 4c 41 42 /wcswin_AARONLAB
Tue Mar 4 16:46:00 2008: 000002f0: 2e 63 72 74 30 3a 06 08
2b 06 01 05 05 07 30 02 .crt0:..+.....0.
Tue Mar 4 16:46:00 2008: 00000300: 86 2e 66 69 6c 65 3a 2f
2f 5c 5c 77 63 73 77 69 ..file://\\wcswi
Tue Mar 4 16:46:00 2008: 00000310: 6e 4f ff 5c 43 65 72 74
45 6e 72 6f 6c 6c 5c 77 nO.\CertEnroll\w
Tue Mar 4 16:46:00 2008: 00000320: 63 73 77 69 6e 5f 41 41
52 4f 4e 4c 41 42 2e 63 cswin_AARONLAB.c
Tue Mar 4 16:46:00 2008: 00000330: 72 74 30 0d 06 09 2a 86
48 86 f7 0d 01 01 05 05 rt0...*.H.......
Tue Mar 4 16:46:00 2008: 00000340: 00 03 82 01 01 00 67 35
f2 80 42 b5 a8 be f7 c4 ......g5..B.....
Tue Mar 4 16:46:00 2008: 00000350: 9b ea 19 10 67 39 78 cb
38 fb 36 15 69 2a f0 80 ....g9x.8.6.i*..
Tue Mar 4 16:46:00 2008: 00000360: 1e a1 7d 63 72 6a e0 7e
d4 51 7a 1d 64 ec ee b5 ..}crj.~.Qz.d...
Tue Mar 4 16:46:00 2008: 00000370: 2a 73 dc b0 d1 eb 0f 28
1d 66 7a bc 12 ef d8 61 *s.....(.fz....a
Tue Mar 4 16:46:00 2008: 00000380: 5d 05 7b 81 0f 57 20 4d
49 37 4d ba 0b 5a 96 65 ].{..W.MI7M..Z.e
Tue Mar 4 16:46:00 2008: 00000390: d6 a8 e1 bb 1f c6 0e 27
4c 4b d6 3a 00 c7 8d 83 .......'LK.:....
Tue Mar 4 16:46:00 2008: 000003a0: 22 a5 29 61 36 19 19 33
f2 41 18 f7 c6 42 23 36 ".)a6..3.A...B#6
Tue Mar 4 16:46:00 2008: 000003b0: 92 66 4a d9 ef fa 32 d7
a5 0a df 47 50 3c 72 23 .fJ...2....GP<r#
Tue Mar 4 16:46:00 2008: 000003c0: f0 0a d5 59 eb a8 79 f2
e0 56 a0 97 91 48 60 31 ...Y..y..V...H`1
Tue Mar 4 16:46:00 2008: 000003d0: 56 8d 2f b2 69 45 e5 44
3a 59 13 dd 66 eb c7 58 V./.iE.D:Y..f..X
Tue Mar 4 16:46:00 2008: 000003e0: 35 90 7c 79 69 ee dc 6e
19 68 b3 c3 4c ba 7d b3 5.|yi..n.h..L.}.
Tue Mar 4 16:46:00 2008: 000003f0: 8f a0 b9 e0 cf df 67 93
6f 01 d4 34 33 86 b6 95 ......g.o..43...
Tue Mar 4 16:46:00 2008: 00000400: 77 1b 19 61 34 46 82 4c
8e 6b b4 6b e2 4a c1 20 w..a4F.L.k.k.J..
Tue Mar 4 16:46:00 2008: 00000410: 18 1d 45 41 50 3d 30 2e
32 30 32 2e 32 37 65 61 ..EAP=0.202.27ea
Tue Mar 4 16:46:00 2008: 00000420: 2e 32 3b 53 56 43 3d 30
2e 36 34 37 3b 50 12 3a .2;SVC=0.647;P.:
Tue Mar 4 16:46:00 2008: 00000430: f3 3b 7f 99 45 f4 e6 a6
29 c4 17 51 ce 97 df .;..E...)..Q...
Tue Mar 4 16:46:00 2008: ****Enter processIncomingMessages: response code=11
Tue Mar 4 16:46:00 2008: ****Enter processRadiusResponse: response code=11
Tue Mar 4 16:46:00 2008: 00:19:56:b0:7e:b6 Access-Challenge received from
RADIUS server 10.0.47.42 for mobile 00:19:56:b0:
7e:b6 receiveId = 7
Tue Mar 4 16:46:00 2008: 00:19:56:b0:7e:b6 Processing Access-Challenge for
mobile 00:19:56:b0:7e:b6
Tue Mar 4 16:46:00 2008: 00:19:56:b0:7e:b6 Entering Backend Auth Req state
(id=178) for mobile 00:19:56:b0:7e:b6
Tue Mar 4 16:46:00 2008: 00:19:56:b0:7e:b6 Sending EAP Request from AAA to
mobile 00:19:56:b0:7e:b6 (EAP Id 178)
Tue Mar 4 16:46:00 2008: 00:19:56:b0:7e:b6 Received EAPOL EAPPKT from
mobile 00:19:56:b0:7e:b6
Tue Mar 4 16:46:00 2008: 00:19:56:b0:7e:b6 Received EAP Response from
mobile 00:19:56:b0:7e:b6 (EAP Id 178, EAP Type 13)
Tue Mar 4 16:46:00 2008: 00:19:56:b0:7e:b6 Entering Backend Auth Response
state for mobile 00:19:56:b0:7e:b6
Tue Mar 4 16:46:00 2008: 00:19:56:b0:7e:b6 Successful transmission of
Authentication Packet (id 20) to 10.0.47.42:1812,
proxy state 00:19:56:b0:7e:b6-00:00
Tue Mar 4 16:46:00 2008: 00000000: 01 14 00 b7 e8 b0 94 59
96 a1 7f e5 af 22 0f 6c .......Y.....".l
Tue Mar 4 16:46:00 2008: 00000010: 1e 33 6e ee 01 05 57 47
42 1f 13 30 30 2d 31 39 .3n...WGB..00-19
Tue Mar 4 16:46:00 2008: 00000020: 2d 35 36 2d 42 30 2d 37
45 2d 42 36 1e 1a 30 30 -56-B0-7E-B6..00
Tue Mar 4 16:46:00 2008: 00000030: 2d 31 39 2d 41 39 2d 34
32 2d 45 34 2d 31 30 3a -19-A9-42-E4-10:
Tue Mar 4 16:46:00 2008: 00000040: 45 41 50 54 4c 53 05 06
00 00 00 04 04 06 0a 00 EAPTLS..........
Tue Mar 4 16:46:00 2008: 00000050: 2f 06 20 10 74 75 63 73
6f 6e 2d 77 6c 63 32 30 /...tucson-wlc20
Tue Mar 4 16:46:00 2008: 00000060: 30 36 1a 0c 00 00 37 63
01 06 00 00 00 06 06 06 06....7c........
Tue Mar 4 16:46:00 2008: 00000070: 00 00 00 02 0c 06 00 00
05 14 3d 06 00 00 00 13 ..........=.....
Tue Mar 4 16:46:00 2008: 00000080: 4f 08 02 b2 00 06 0d 00
18 1d 45 41 50 3d 30 2e O.........EAP=0.
Tue Mar 4 16:46:00 2008: 00000090: 32 30 32 2e 32 37 65 61
2e 32 3b 53 56 43 3d 30 202.27ea.2;SVC=0
Tue Mar 4 16:46:00 2008: 000000a0: 2e 36 34 37 3b 50 12 a2
aa c7 ed 12 84 25 db 4b .647;P.......%.K
Tue Mar 4 16:46:00 2008: 000000b0: 4c dc 45 09 06 44 c6 L.E..D.
Tue Mar 4 16:46:00 2008: 00000000: 0b 14 04 04 6b 98 3a 74
12 1f 77 54 77 d8 a8 77 ....k.:t..wTw..w
Tue Mar 4 16:46:00 2008: 00000010: 4e a8 a7 6b 4f ff 01 b3
03 b9 0d 00 c6 87 1d b6 N..kO...........
Tue Mar 4 16:46:00 2008: 00000020: 06 5b 24 67 26 09 ee 5f
9c 64 f3 a9 c1 99 49 3e .[$g&.._.d....I>
Tue Mar 4 16:46:00 2008: 00000030: 2b 79 f1 57 17 65 6c 2f
c4 09 4d 54 7d a4 67 91 +y.W.el/..MT}.g.
Tue Mar 4 16:46:00 2008: 00000040: 48 59 ec aa 68 5b 0f 66
c5 e9 22 a6 09 8d 36 cf HY..h[.f.."...6.
Tue Mar 4 16:46:00 2008: 00000050: e3 d9 00 03 68 30 82 03
64 30 82 02 4c a0 03 02 ....h0..d0..L...
Tue Mar 4 16:46:00 2008: 00000060: 01 02 02 10 61 26 83 24
8d ba 53 9b 44 b0 39 bd ....a&.$..S.D.9.
Tue Mar 4 16:46:00 2008: 00000070: 51 cd 1d 48 30 0d 06 09
2a 86 48 86 f7 0d 01 01 Q..H0...*.H.....
Tue Mar 4 16:46:00 2008: 00000080: 05 05 00 30 13 31 11 30
0f 06 03 55 04 03 13 08 ...0.1.0...U....
Tue Mar 4 16:46:00 2008: 00000090: 41 41 52 4f 4e 4c 41 42
30 1e 17 0d 30 38 30 32 AARONLAB0...0802
Tue Mar 4 16:46:00 2008: 000000a0: 32 38 32 33 33 34 34 38
5a 17 0d 31 38 30 32 32 28233448Z..18022
Tue Mar 4 16:46:00 2008: 000000b0: 38 32 33 34 31 32 35 5a
30 13 31 11 30 0f 06 03 8234125Z0.1.0...
Tue Mar 4 16:46:00 2008: 000000c0: 55 04 03 13 08 41 41 52
4f 4e 4c 41 42 30 82 01 U....AARONLAB0..
Tue Mar 4 16:46:00 2008: 000000d0: 22 30 0d 06 09 2a 86 48
86 f7 0d 01 01 01 05 00 "0...*.H........
Tue Mar 4 16:46:00 2008: 000000e0: 03 82 01 0f 00 30 82 01
0a 02 82 01 01 00 c8 5a .....0.........Z
Tue Mar 4 16:46:00 2008: 000000f0: 57 75 45 19 4a 8b 99 da
35 6c cb e0 b6 a0 ff 66 WuE.J...5l.....f
Tue Mar 4 16:46:00 2008: 00000100: e2 8f c1 44 89 09 32 13
c7 d8 70 6c 6d 74 2d e5 ...D..2...plmt-.
Tue Mar 4 16:46:00 2008: 00000110: 89 b8 23 4f ff ea 0a 0e
2d 57 1b 62 36 05 90 92 ..#O....-W.b6...
Tue Mar 4 16:46:00 2008: 00000120: e0 ea f9 a3 e2 fb 54 87
f4 cf 69 52 86 be 0b ca ......T...iR....
Tue Mar 4 16:46:00 2008: 00000130: 14 d1 88 9d 82 01 9a f7
08 da ba cc c9 29 37 94 .............)7.
Tue Mar 4 16:46:00 2008: 00000140: 27 75 d4 6e ae 9e 60 06
84 94 9b 42 f6 c7 5e e0 'u.n..`....B..^.
Tue Mar 4 16:46:00 2008: 00000150: 29 34 b3 06 cb 24 b1 39
73 84 ba be ba d8 6f bb )4...$.9s.....o.
Tue Mar 4 16:46:00 2008: 00000160: 94 f9 32 36 d6 68 68 f2
b2 43 e6 0e a9 b6 4b 62 ..26.hh..C....Kb
Tue Mar 4 16:46:00 2008: 00000170: b8 f9 6e 47 dc 0e c5 5b
16 a3 94 e9 96 08 e5 18 ..nG...[........
Tue Mar 4 16:46:00 2008: 00000180: f0 38 ad a2 98 d3 7c 73
39 80 4a ae 14 e3 f8 f7 .8....|s9.J.....
Tue Mar 4 16:46:00 2008: 00000190: 1e 14 27 bb 6a ce a1 2a
dc 18 66 59 ea b4 d9 b1 ..'.j..*..fY....
Tue Mar 4 16:46:00 2008: 000001a0: a7 50 e9 ff 56 09 ea 93
df 31 08 09 17 ab e5 e9 .P..V....1......
Tue Mar 4 16:46:00 2008: 000001b0: 80 90 30 95 e4 54 90 75
bc f0 7f 13 b1 e7 cd 0b ..0..T.u........
Tue Mar 4 16:46:00 2008: 000001c0: 88 33 81 e7 74 d2 81 d9
97 ab b2 57 f4 5f f6 8b .3..t......W._..
Tue Mar 4 16:46:00 2008: 000001d0: 1e c2 62 d4 de 94 74 7f
8a 28 3b 64 73 88 86 28 ..b...t..(;ds..(
Tue Mar 4 16:46:00 2008: 000001e0: 92 74 b0 92 94 7e ce e1
74 23 f2 64 da 9a 88 47 .t...~..t#.d...G
Tue Mar 4 16:46:00 2008: 000001f0: 02 03 01 00 01 a3 81 b3
30 81 b0 30 0b 06 03 55 ........0..0...U
Tue Mar 4 16:46:00 2008: 00000200: 1d 0f 04 04 03 02 01 86
30 0f 06 03 55 1d 13 01 ........0...U...
Tue Mar 4 16:46:00 2008: 00000210: 01 ff 4f ff 04 05 30 03
01 01 ff 30 1d 06 03 55 ..O...0....0...U
Tue Mar 4 16:46:00 2008: 00000220: 1d 0e 04 16 04 14 f0 a4
3a c2 cd f5 d4 c8 b4 5e ........:......^
Tue Mar 4 16:46:00 2008: 00000230: ee 03 4f 83 79 b1 f2 d4
e0 19 30 5f 06 03 55 1d ..O.y.....0_..U.
Tue Mar 4 16:46:00 2008: 00000240: 1f 04 58 30 56 30 54 a0
52 a0 50 86 25 68 74 74 ..X0V0T.R.P.%htt
Tue Mar 4 16:46:00 2008: 00000250: 70 3a 2f 2f 77 63 73 77
69 6e 2f 43 65 72 74 45 p://wcswin/CertE
Tue Mar 4 16:46:00 2008: 00000260: 6e 72 6f 6c 6c 2f 41 41
52 4f 4e 4c 41 42 2e 63 nroll/AARONLAB.c
Tue Mar 4 16:46:00 2008: 00000270: 72 6c 86 27 66 69 6c 65
3a 2f 2f 5c 5c 77 63 73 rl.'file://\\wcs
Tue Mar 4 16:46:00 2008: 00000280: 77 69 6e 5c 43 65 72 74
45 6e 72 6f 6c 6c 5c 41 win\CertEnroll\A
Tue Mar 4 16:46:00 2008: 00000290: 41 52 4f 4e 4c 41 42 2e
63 72 6c 30 10 06 09 2b ARONLAB.crl0...+
Tue Mar 4 16:46:00 2008: 000002a0: 06 01 04 01 82 37 15 01
04 03 02 01 00 30 0d 06 .....7.......0..
Tue Mar 4 16:46:00 2008: 000002b0: 09 2a 86 48 86 f7 0d 01
01 05 05 00 03 82 01 01 .*.H............
Tue Mar 4 16:46:00 2008: 000002c0: 00 17 eb b2 43 da 02 66
05 cd 76 c0 7b 2a 16 83 ....C..f..v.{*..
Tue Mar 4 16:46:00 2008: 000002d0: 95 bb 5e bf d3 db fc 23
7e 14 6e 52 f8 37 01 7c ..^....#~.nR.7.|
Tue Mar 4 16:46:00 2008: 000002e0: dd e9 bf 34 60 49 f1 68
7e da 53 07 f6 b2 66 6d ...4`I.h~.S...fm
Tue Mar 4 16:46:00 2008: 000002f0: 8c bd ca 26 f4 fa 3d 03
4f db be 92 33 7e 50 06 ...&..=.O...3~P.
Tue Mar 4 16:46:00 2008: 00000300: 5e b3 b9 35 c6 83 3c 90
1e 42 54 3e 63 17 9a 8a ^..5..<..BT>c...
Tue Mar 4 16:46:00 2008: 00000310: d0 4f c4 68 24 97 90 a1
77 c9 c8 93 1f 58 ab ca .O.h$...w....X..
Tue Mar 4 16:46:00 2008: 00000320: f7 18 e6 8c 36 12 44 9d
a6 ca 43 5f 03 07 16 99 ....6.D...C_....
Tue Mar 4 16:46:00 2008: 00000330: 1d a4 48 7d a4 e5 12 7c
d0 81 e7 35 9e ad 69 5e ..H}...|...5..i^
Tue Mar 4 16:46:00 2008: 00000340: 15 d7 2a 7f 51 4e 8c 59
69 9f d1 41 9b 2e e1 05 ..*.QN.Yi..A....
Tue Mar 4 16:46:00 2008: 00000350: 95 15 bd b1 1a 97 a6 69
d3 9c 0b 93 00 16 e1 49 .......i.......I
Tue Mar 4 16:46:00 2008: 00000360: 66 e3 98 29 79 ba 14 69
cf 76 27 69 7d 43 d0 f4 f..)y..i.v'i}C..
Tue Mar 4 16:46:00 2008: 00000370: 86 3c 6b 58 55 d4 85 be
c5 da 71 e4 43 76 3d 0a .<kXU.....q.Cv=.
Tue Mar 4 16:46:00 2008: 00000380: d3 4f 49 97 12 75 e3 7d
88 92 99 5d fc 7a 69 28 .OI..u.}...].zi(
Tue Mar 4 16:46:00 2008: 00000390: f6 f0 20 70 33 b7 22 5a
bf c5 e5 28 43 35 00 2f ...p3."Z...(C5./
Tue Mar 4 16:46:00 2008: 000003a0: 47 46 9a 5a 45 5c 56 d5
24 3d 44 bf e9 63 f2 05 GF.ZE\V.$=D..c..
Tue Mar 4 16:46:01 2008: 000003b0: 84 da 94 17 b7 ef c3 31
7d 04 30 87 e1 c3 31 8a .......1}.0...1.
Tue Mar 4 16:46:01 2008: 000003c0: 2a e1 52 16 03 01 00 0d
0d 00 00 05 02 01 02 00 *.R.............
Tue Mar 4 16:46:01 2008: 000003d0: 00 0e 00 00 00 18 1d 45
41 50 3d 30 2e 32 30 32 .......EAP=0.202
Tue Mar 4 16:46:01 2008: 000003e0: 2e 32 37 65 61 2e 33 3b
53 56 43 3d 30 2e 36 34 .27ea.3;SVC=0.64
Tue Mar 4 16:46:01 2008: 000003f0: 37 3b 50 12 05 0e 3c e0
e4 5f 38 21 96 26 8e 39 7;P...<.._8!.&.9
Tue Mar 4 16:46:01 2008: 00000400: 96 a9 09 5d...]
Tue Mar 4 16:46:01 2008: ****Enter processIncomingMessages: response code=11
Tue Mar 4 16:46:01 2008: ****Enter processRadiusResponse: response code=11
Tue Mar 4 16:46:01 2008: 00:19:56:b0:7e:b6 Access-Challenge received from
RADIUS server 10.0.47.42 for mobile 00:19:56:b0:
7e:b6 receiveId = 7
Tue Mar 4 16:46:01 2008: 00:19:56:b0:7e:b6 Processing Access-Challenge for
mobile 00:19:56:b0:7e:b6
Tue Mar 4 16:46:01 2008: 00:19:56:b0:7e:b6 Entering Backend Auth Req state
(id=179) for mobile 00:19:56:b0:7e:b6
Tue Mar 4 16:46:01 2008: 00:19:56:b0:7e:b6 Sending EAP Request from AAA to
mobile 00:19:56:b0:7e:b6 (EAP Id 179)
Tue Mar 4 16:46:01 2008: 00:19:56:b0:7e:b6 Received EAPOL EAPPKT from
mobile 00:19:56:b0:7e:b6
Tue Mar 4 16:46:01 2008: 00:19:56:b0:7e:b6 Received EAP Response from
mobile 00:19:56:b0:7e:b6 (EAP Id 179, EAP Type 13)
Tue Mar 4 16:46:01 2008: 00:19:56:b0:7e:b6 Entering Backend Auth Response
state for mobile 00:19:56:b0:7e:b6
Tue Mar 4 16:46:01 2008: 00:19:56:b0:7e:b6 Successful transmission of
Authentication Packet (id 21) to 10.0.47.42:1812,
proxy state
00:19:56:b0:7e:b6-00:00
Tue Mar 4 16:46:01 2008: 00000000: 01 15 05 76 81 b7 fa 95
63 1f 50 6f 98 4d a3 6b ...v....c.Po.M.k
Tue Mar 4 16:46:01 2008: 00000010: db 3c bc 1d 01 05 57 47
42 1f 13 30 30 2d 31 39 .<....WGB..00-19
Tue Mar 4 16:46:01 2008: 00000020: 2d 35 36 2d 42 30 2d 37
45 2d 42 36 1e 1a 30 30 -56-B0-7E-B6..00
Tue Mar 4 16:46:01 2008: 00000030: 2d 31 39 2d 41 39 2d 34
32 2d 45 34 2d 31 30 3a -19-A9-42-E4-10:
Tue Mar 4 16:46:01 2008: 00000040: 45 41 50 54 4c 53 05 06
00 00 00 04 04 06 0a 00 EAPTLS..........
Tue Mar 4 16:46:01 2008: 00000050: 2f 06 20 10 74 75 63 73
6f 6e 2d 77 6c 63 32 30 /...tucson-wlc20
Tue Mar 4 16:46:01 2008: 00000060: 30 36 1a 0c 00 00 37 63
01 06 00 00 00 06 06 06 06....7c........
Tue Mar 4 16:46:01 2008: 00000070: 00 00 00 02 0c 06 00 00
05 14 3d 06 00 00 00 13 ..........=.....
Tue Mar 4 16:46:01 2008: 00000080: 4f ff 02 b3 04 bd 0d 80
00 00 04 b3 16 03 01 03 O...............
Tue Mar 4 16:46:01 2008: 00000090: 6d 0b 00 03 69 00 03 66
00 03 63 30 82 03 5f 30 m...i..f..c0.._0
Tue Mar 4 16:46:01 2008: 000000a0: 82 02 47 a0 03 02 01 02
02 0a 13 79 b0 72 00 00 ..G........y.r..
Tue Mar 4 16:46:01 2008: 000000b0: 00 00 00 0c 30 0d 06 09
2a 86 48 86 f7 0d 01 01 ....0...*.H.....
Tue Mar 4 16:46:01 2008: 000000c0: 05 05 00 30 13 31 11 30
0f 06 03 55 04 03 13 08 ...0.1.0...U....
Tue Mar 4 16:46:01 2008: 000000d0: 41 41 52 4f 4e 4c 41 42
30 1e 17 0d 30 38 30 33 AARONLAB0...0803
Tue Mar 4 16:46:01 2008: 000000e0: 30 33 31 38 33 33 30 39
5a 17 0d 30 39 30 33 30 03183309Z..09030
Tue Mar 4 16:46:01 2008: 000000f0: 33 31 38 34 33 30 39 5a
30 0e 31 0c 30 0a 06 03 3184309Z0.1.0...
Tue Mar 4 16:46:01 2008: 00000100: 55 04 03 13 03 57 47 42
30 81 9f 30 0d 06 09 2a U....WGB0..0...*
Tue Mar 4 16:46:01 2008: 00000110: 86 48 86 f7 0d 01 01 01
05 00 03 81 8d 00 30 81 .H............0.
Tue Mar 4 16:46:01 2008: 00000120: 89 02 81 81 00 a6 34 91
20 dd 58 df b2 60 c0 6c ......4...X..`.l
Tue Mar 4 16:46:01 2008: 00000130: d0 9d 10 86 01 a9 61 9f
cb 2b 01 22 49 d7 38 ee ......a..+."I.8.
Tue Mar 4 16:46:01 2008: 00000140: 00 fe be c9 cd 48 4b 73
a0 75 6d bb d0 c9 20 24 .....HKs.um....$
Tue Mar 4 16:46:01 2008: 00000150: 0f cc f0 76 2f ad ef 43
53 8f b7 ec c7 50 04 02 ...v/..CS....P..
Tue Mar 4 16:46:01 2008: 00000160: d8 03 4a 7d 08 9e b4 f2
78 ab 36 06 ba f7 02 ab ..J}....x.6.....
Tue Mar 4 16:46:01 2008: 00000170: a1 6e 26 6c 2d d4 10 08
0d 25 82 1a d2 fc 14 4f .n&l-....%.....O
Tue Mar 4 16:46:01 2008: 00000180: ff 86 fa fd 84 ec de be
3c 3e f8 be d6 b6 7b 81 ........<>....{.
Tue Mar 4 16:46:01 2008: 00000190: 89 9a da a6 96 fd 7f e7
dd bf 7f 26 6e 20 03 63 ...........&n..c
Tue Mar 4 16:46:01 2008: 000001a0: c4 a2 56 4c 8e 75 99 02
03 01 00 01 a3 82 01 3c ..VL.u.........<
Tue Mar 4 16:46:01 2008: 000001b0: 30 82 01 38 30 0e 06 03
55 1d 0f 01 01 ff 04 04 0..80...U.......
Tue Mar 4 16:46:01 2008: 000001c0: 03 02 05 a0 30 1d 06 03
55 1d 0e 04 16 04 14 41 ....0...U......A
Tue Mar 4 16:46:01 2008: 000001d0: 97 b6 32 83 7f c0 88 11
4d 59 d5 44 70 e9 0f c6 ..2.....MY.Dp...
Tue Mar 4 16:46:01 2008: 000001e0: 3b a2 85 30 1f 06 03 55
1d 23 04 18 30 16 80 14 ;..0...U.#..0...
Tue Mar 4 16:46:01 2008: 000001f0: f0 a4 3a c2 cd f5 d4 c8
b4 5e ee 03 4f 83 79 b1 ..:......^..O.y.
Tue Mar 4 16:46:01 2008: 00000200: f2 d4 e0 19 30 5f 06 03
55 1d 1f 04 58 30 56 30 ....0_..U...X0V0
Tue Mar 4 16:46:01 2008: 00000210: 54 a0 52 a0 50 86 25 68
74 74 70 3a 2f 2f 77 63 T.R.P.%http://wc
Tue Mar 4 16:46:01 2008: 00000220: 73 77 69 6e 2f 43 65 72
74 45 6e 72 6f 6c 6c 2f swin/CertEnroll/
Tue Mar 4 16:46:01 2008: 00000230: 41 41 52 4f 4e 4c 41 42
2e 63 72 6c 86 27 66 69 AARONLAB.crl.'fi
Tue Mar 4 16:46:01 2008: 00000240: 6c 65 3a 2f 2f 5c 5c 77
63 73 77 69 6e 5c 43 65 le://\\wcswin\Ce
Tue Mar 4 16:46:01 2008: 00000250: 72 74 45 6e 72 6f 6c 6c
5c 41 41 52 4f 4e 4c 41 rtEnroll\AARONLA
Tue Mar 4 16:46:01 2008: 00000260: 42 2e 63 72 6c 30 81 84
06 08 2b 06 01 05 05 07 B.crl0....+.....
Tue Mar 4 16:46:01 2008: 00000270: 01 01 04 78 30 76 30 38
06 08 2b 06 01 05 4f ff ...x0v08..+...O.
Tue Mar 4 16:46:01 2008: 00000280: 05 07 30 02 86 2c 68 74
74 70 3a 2f 2f 77 63 73 ..0..,http://wcs
Tue Mar 4 16:46:01 2008: 00000290: 77 69 6e 2f 43 65 72 74
45 6e 72 6f 6c 6c 2f 77 win/CertEnroll/w
Tue Mar 4 16:46:01 2008: 000002a0: 63 73 77 69 6e 5f 41 41
52 4f 4e 4c 41 42 2e 63 cswin_AARONLAB.c
Tue Mar 4 16:46:01 2008: 000002b0: 72 74 30 3a 06 08 2b 06
01 05 05 07 30 02 86 2e rt0:..+.....0...
Tue Mar 4 16:46:01 2008: 000002c0: 66 69 6c 65 3a 2f 2f 5c
5c 77 63 73 77 69 6e 5c file://\\wcswin\
Tue Mar 4 16:46:01 2008: 000002d0: 43 65 72 74 45 6e 72 6f
6c 6c 5c 77 63 73 77 69 CertEnroll\wcswi
Tue Mar 4 16:46:01 2008: 000002e0: 6e 5f 41 41 52 4f 4e 4c
41 42 2e 63 72 74 30 0d n_AARONLAB.crt0.
Tue Mar 4 16:46:01 2008: 000002f0: 06 09 2a 86 48 86 f7 0d
01 01 05 05 00 03 82 01 ..*.H...........
Tue Mar 4 16:46:01 2008: 00000300: 01 00 2e a1 3f f3 52 52
97 b5 83 43 0f 61 20 64 ....?.RR...C.a.d
Tue Mar 4 16:46:01 2008: 00000310: 40 fd d3 16 38 4f d9 5f
64 94 a7 c2 59 53 53 52 @...8O._d...YSSR
Tue Mar 4 16:46:01 2008: 00000320: 90 5d ee 1c e0 2a 90 af
f4 e8 51 3e 87 38 9a ce .]...*....Q>.8..
Tue Mar 4 16:46:01 2008: 00000330: 88 0c 4f 1f ad f1 ef dd
96 44 6b 51 4e 9f 2c a1 ..O......DkQN.,.
Tue Mar 4 16:46:01 2008: 00000340: 8a c5 0e bd d0 f9 7e 34
fa 22 67 26 e1 26 e6 3e ......~4."g&.&.>
Tue Mar 4 16:46:01 2008: 00000350: bd b8 9f 64 f0 65 6f 23
f0 67 40 60 0f 4b f1 ff ...d.eo#.g@`.K..
Tue Mar 4 16:46:01 2008: 00000360: c1 9c 3c 11 81 be b2 7a
45 b6 bd f2 26 76 2a 3a ..<....zE...&v*:
Tue Mar 4 16:46:01 2008: 00000370: 52 32 65 cf 62 0b 47 65
b4 b5 fa db b4 4f ff 07 R2e.b.Ge.....O..
Tue Mar 4 16:46:01 2008: 00000380: ae 54 58 11 d8 52 8f f8
e3 e5 00 f1 c4 1d 2a a4 .TX..R........*. |
相關資訊
修訂記錄
| 修訂 | 發佈日期 | 意見 |
|---|---|---|
1.0 |
21-Jun-2010 |
初始版本 |
意見