Edited by: huangshuowei01 2019-10-05
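Contents

Components Used
Introduction
Brief PEM States in show client Output
Scenario 1: Misconfigured passphrase for WPA/WPA2 PSK authentication on the client
Scenario 2: Wireless phone handset (792x/9971) fails to associate with wireless "Leaving Service Area"
Scenario 3: Client configured for WPA, but AP configured only for WPA2
Scenario 4: Parsing AAA return or response codes
Scenario 5: Client fails to associate with the AP
Scenario 6: Client disassociated due to idle timeout
Scenario 7: Client disassociated due to session timeout
Scenario 8: Client disassociated due to WLAN change
Scenario 9: Client disassociated due to manual deletion from the WLC
Scenario 10: Client disassociated due to authentication timeout
Scenario 11: Client disassociated due to AP radio reset (power/channel)
Scenario 12: 802.1X timeoutEvt problem with Symantec clients
Scenario 13: Air Print service not shown for clients with mDNS snooping enabled
Scenario 14: Apple IOS clients cannot join the network because Fast SSID Change is disabled
Scenario 15: Successful client LDAP association
Scenario 16: Client authentication against LDAP fails
Scenario 17: Client association problems because LDAP is misconfigured on the WLC
Scenario 18: Client association problems when the LDAP server is unreachable
Scenario 19: Apple client roaming problems due to missing sticky roaming configuration
Scenario 20: Verify Fast Secure Roaming (FSR) with CCKM
Scenario 21: Verify Fast Secure Roaming (FSR) with WPA2 PMKID caching
Scenario 22: Verify Fast Secure Roaming (FSR) with Proactive Key Caching
Scenario 23: Verify Fast Secure Roaming (FSR) with 802.11r
Related Cisco Support Community Discussions

Introduction

This document is a quick reference for analyzing common wireless problems through debugs (usually with the debug client command). Analyzing show client output and debugs requires the user to first understand some PEM states and APF states.

Components Used

This document applies equally to all AireOS controllers. At the time of writing, these controllers include the 440x, 5508, 5520, 75xx, 85xx, 2504 and vWLC, as well as Wisms. Although many of the concepts are identical on Converged Access IOS-XE controllers and switches, the output and debugs are completely different, so this document does not apply to them.

Brief PEM States in show client Output

 - START - Initial state for a new client entry.
 - AUTHCHECK - The WLAN has an L2 authentication policy to enforce.
 - 8021X_REQD - The client must complete 802.1x authentication.
 - L2AUTHCOMPLETE - The client has successfully completed the L2 policy. The process can now continue to L3 policies (address learning, Web authentication, and so on). If this is a roaming client in the same mobility group, the controller sends a mobility announcement here to learn L3 information from other controllers.
 - WEP_REQD - The client must complete WEP authentication.
 - DHCP_REQD - The controller needs to learn the L3 address from the client. This is done through an ARP request, a DHCP request or renewal, or information learned from another controller in the mobility group. If DHCP Required is set on the WLAN, only DHCP or mobility information is used.
 - WEBAUTH_REQD - The client must complete Web authentication. (L3 policy)
 - CENTRAL_WEBAUTH_REQD - The client must complete the CWA login; the WLC is waiting to receive the CoA.
 - RUN - The client has successfully completed the required L2 and L3 policies and can now pass traffic to the network.

The following scenarios show the key debug lines for common misconfigurations in wireless setups, with the key parameters highlighted in bold.

Scenario 1: Misconfigured passphrase for WPA/WPA2 PSK authentication on the client

(Cisco Controller) >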

show client detail 24:77:03:19:fb:70

Client MAC Address...... 24:77:03:19:fb:70
Client Username...... N/A
AP MAC Address...... ec:c8:82:a4:5b:c0
AP Name...... Shankar_AP_1042
AP radio slot Id...... 1
Client State...... Associated
Client NAC OOB State...... Access
Wireless LAN Id...... 5
Hotspot (802.11u)...... Not Supported
BSSID...... ec:c8:82:a4:5b:cb
Connected For...... 0 secs
Channel...... 44
IP Address...... Unknown
Gateway Address...... Unknown
Netmask...... Unknown
Association Id...... 1
Authentication Algorithm...... Open System
Reason Code...... 1
Status Code...... 0
Session Timeout...... 0
Client CCX version...... 4
Client E2E version...... 1
QoS Level...... Silver
Avg data Rate...... 0
Burst data Rate...... 0
Avg Real time data Rate...... 0
Burst Real Time data Rate...... 0
802.1P Priority Tag...... 2
CTS Security Group Tag...... Not Applicable
KTS CAC Capability...... No
WMM Support...... Enabled
APSD ACs...... BK BE VI VO
Power Save...... OFF
Current Rate...... m15
Supported Rates...... 6.0,9.0,12.0,18.0,24.0,36.0,48.0,54.0
Mobility State...... None
Mobility Move Count...... 0
Security Policy Completed...... No
Policy Manager State...... 8021X_REQD //This proves client is struggling to clear Layer-2 authentication. It means we have to move to debug to understand where in L-2 we are failing
Policy Manager Rule Created...... Yes
Audit Session ID...... none
AAA Role Type...... none
Local Policy Applied...... none
IPv4 ACL Name...... none
FlexConnect ACL Applied Status...... Unavailable
IPv4 ACL Applied Status...... Unavailable
IPv6 ACL Name...... none
IPv6 ACL Applied Status...... Unavailable
Layer2 ACL Name...... none
Layer2 ACL Applied Status...... Unavailable
mDNS Status...... Enabled
mDNS Profile Name...... default-mdns-profile
No. of mDNS Services Advertised...... 0
Policy Type...... WPA2
Authentication Key Management...... PSK
Encryption Cipher...... CCMP (AES)
Protected Management Frame...... No
Management Frame Protection...... No
EAP Type...... Unknown
Interface...... vlan21
VLAN...... 21
Quarantine VLAN...... 0
Access VLAN...... 21
Client Capabilities:
      CF Pollable...... Not implemented
      CF Poll Request...... Not implemented
      Short Preamble...... Not implemented
      PBCC...... Not implemented
      Channel Agility...... Not implemented
      Listen Interval...... 10
      Fast BSS Transition...... Not implemented
Client Wifi Direct Capabilities:
      WFD capable...... No
      Manged WFD capable...... No
      Cross Connection Capable...... No
      Support Concurrent Operation...... No
Fast BSS Transition Details:
Client Statistics:
      Number of Bytes Received...... 423
      Number of Bytes Sent...... 429
      Number of Packets Received...... 3
      Number of Packets Sent...... 4
      Number of Interim-Update Sent...... 0
      Number of EAP Id Request Msg Timeouts...... 0
      Number of EAP Id Request Msg Failures...... 0
      Number of EAP Request Msg Timeouts...... 0
      Number of EAP Request Msg Failures...... 0
      Number of EAP Key Msg Timeouts...... 0
      Number of EAP Key Msg Failures...... 0
      Number of Data Retries...... 0
      Number of RTS Retries...... 0
      Number of Duplicate Received Packets...... 0
      Number of Decrypt Failed Packets...... 0
      Number of Mic Failured Packets...... 0
      Number of Mic Missing Packets...... 0
      Number of RA Packets Dropped...... 0
      Number of Policy Errors...... 0
      Radio Signal Strength Indicator...... 18 dBm
      Signal to Noise Ratio...... 40 dB
Client Rate Limiting Statistics:
      Number of Data Packets Recieved...... 0
      Number of Data Rx Packets Dropped...... 0
      Number of Data Bytes Recieved...... 0
      Number of Data Rx Bytes Dropped...... 0
      Number of Realtime Packets Recieved...... 0
      Number of Realtime Rx Packets Dropped...... 0
      Number of Realtime Bytes Recieved...... 0
      Number of Realtime Rx Bytes Dropped...... 0
      Number of Data Packets Sent...... 0
      Number of Data Tx Packets Dropped...... 0
      Number of Data Bytes Sent...... 0
      Number of Data Tx Bytes Dropped...... 0
      Number of Realtime Packets Sent...... 0
      Number of Realtime Tx Packets Dropped...... 0
      Number of Realtime Bytes Sent...... 0
      Number of Realtime Tx Bytes Dropped...... 0
Nearby AP Statistics:
      Shankar_AP_1602(slot 0)
        antenna0: 0 secs ago...... 25 dBm
        antenna1: 0 secs ago...... 40 dBm
      Shankar_AP_1602(slot 1)
        antenna0: 1 secs ago...... 41 dBm
        antenna1: 1 secs ago...... 27 dBm
      Shankar_AP_3502(slot 0)
        antenna0: 0 secs ago...... 90 dBm
        antenna1: 0 secs ago...... 83 dBm
      Shankar_AP_1042(slot 0)
        antenna0: 0 secs ago...... 32 dBm
        antenna1: 0 secs ago...... 41 dBm
      Shankar_AP_1042(slot 1)
        antenna0: 0 secs ago...... 50 dBm
        antenna1: 0 secs ago...... 42 dBm
DNS Server details:
      DNS server IP...... 0.0.0.0
      DNS server IP...... 0.0.0.0
Assisted Roaming Prediction List details:
Client Dhcp Required: False
Allowed (URL)IP Addresses

Debug client analysis

(Cisco Controller) >

debug client 24:77:03:19:fb:70

*apfMsConnTask_4: May 07 17:03:56.060: 24:77:03:19:fb:70 Association received from mobile on BSSID 08:cc:68:67:1f:fb //Client has initiated association for AP with BSSID 08:cc:68:67:1f:fb
*apfMsConnTask_4: May 07 17:03:56.060: 24:77:03:19:fb:70 Global 200 Clients are allowed to AP radio
*apfMsConnTask_4: May 07 17:03:56.060: 24:77:03:19:fb:70 Max Client Trap Threshold: 0 cur: 0
*apfMsConnTask_4: May 07 17:03:56.060: 24:77:03:19:fb:70 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_4: May 07 17:03:56.060: 24:77:03:19:fb:70 Applying Interface policy on Mobile, role Unassociated. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 21
*apfMsConnTask_4: May 07 17:03:56.060: 24:77:03:19:fb:70 Re-applying interface policy for client
*apfMsConnTask_4: May 07 17:03:56.060: 24:77:03:19:fb:70 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2202)
*apfMsConnTask_4: May 07 17:03:56.060: 24:77:03:19:fb:70 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2223)
*apfMsConnTask_4: May 07 17:03:56.060: 24:77:03:19:fb:70 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 In processSsidIE:4795 setting Central switched to TRUE
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 In processSsidIE:4798 apVapId = 5 and Split Acl Id = 65535
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 Applying site-specific Local Bridging override for station 24:77:03:19:fb:70 - vapId 5, site 'default-group', interface 'vlan21'
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 Applying Local Bridging Interface Policy for station 24:77:03:19:fb:70 - vlan 21, interface id 14, interface 'vlan21'
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 STA - rates (8): 140 18 24 36 48 72 96 108 0 0 0 0 0 0 0 0
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 Processing RSN IE type 48, length 22 for mobile 24:77:03:19:fb:70
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 0.0.0.0 START (0) Deleted mobile LWAPP rule on AP [ec:c8:82:a4:5b:c0]
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 Updated location for station old AP ec:c8:82:a4:5b:c0-1, new AP 08:cc:68:67:1f:f0-1
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 Updating AID for REAP AP Client 08:cc:68:67:1f:f0 - AID ===> 1
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2) // Client entering L2 authentication stage
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 Central switch is TRUE
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 08:cc:68:67:1f:f0 vapId 5 apVapId 5 flex-acl-name:
*apfMsConnTask_4: May 07 17:03:56.062: 24:77:03:19:fb:70 apfMsAssoStateInc
*apfMsConnTask_4: May 07 17:03:56.062: 24:77:03:19:fb:70 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 24:77:03:19:fb:70 on AP 08:cc:68:67:1f:f0 from Disassociated to Associated
*apfMsConnTask_4: May 07 17:03:56.062: 24:77:03:19:fb:70 apfPemAddUser2:session timeout forstation 24:77:03:19:fb:70 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0
*apfMsConnTask_4: May 07 17:03:56.062: 24:77:03:19:fb:70 Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_4: May 07 17:03:56.062: 24:77:03:19:fb........
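
The PEM state progression that the debug above shows line by line can be pulled out of a saved debug client capture and used to see at which layer each client stopped. The following Python sketch is an added example, not part of the original document or of any Cisco tool; the function names are hypothetical, and the 00:11:22:33:44:55 client with its log lines and state numbers is constructed sample data.

```python
import re

# PEM states that precede L2 completion, as listed in the state summary above.
L2_STATES = {"START", "AUTHCHECK", "8021X_REQD", "WEP_REQD"}

# "<mac> <ip> <state> (<n>) Change state to <new> (<n>) last state <old> (<n>)"
TRANSITION = re.compile(
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) \S+ \w+ \(\d+\) "
    r"Change state to (?P<new>\w+) \(\d+\) last state (?P<old>\w+) \(\d+\)",
    re.IGNORECASE,
)

# Lines for 24:77:03:19:fb:70 are taken from the debug on this page; the lines
# for 00:11:22:33:44:55 are constructed to show a session that reaches RUN.
SAMPLE = """\
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_4: May 07 17:03:56.061: 24:77:03:19:fb:70 Central switch is TRUE
*apfMsConnTask_4: May 07 17:04:10.100: 00:11:22:33:44:55 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)
*apfMsConnTask_4: May 07 17:04:10.101: 00:11:22:33:44:55 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4)
*apfMsConnTask_4: May 07 17:04:11.300: 00:11:22:33:44:55 10.0.0.5 DHCP_REQD (7) Change state to RUN (20) last state DHCP_REQD (7)
""".splitlines()

def pem_transitions(lines):
    """Return {client_mac: [state, ...]} in the order the WLC logged them."""
    history = {}
    for line in lines:
        m = TRANSITION.search(line)
        if not m:
            continue  # not a PEM state-change line
        states = history.setdefault(m["mac"].lower(), [m["old"]])
        states.append(m["new"])
    return history

def triage(history):
    """Classify each client by the last PEM state it reached."""
    report = {}
    for mac, states in history.items():
        last = states[-1]
        if last == "RUN":
            report[mac] = "ok"
        elif last in L2_STATES:
            report[mac] = f"stuck in L2 ({last})"
        else:
            report[mac] = f"stuck in L3 ({last})"
    return report

if __name__ == "__main__":
    for mac, verdict in triage(pem_transitions(SAMPLE)).items():
        print(mac, verdict)
```

A client whose last state is 8021X_REQD, as in Scenario 1, is reported as stuck in L2, which is the cue to read the key-exchange lines of the debug rather than DHCP or Web authentication.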
