客户端关联---802.1x认证--dhcp获取ip过程,debug详细过程
原文地址:https://cciewirelessnotes.wordpress.com/
Overview:
In this post we’ll examine a case where the client is unable to join the WLAN as the DHCP server continuously offered it an IP address that was already in use on the network. The client was then excluded for a period of time due to IP theft/reuse. When clients are excluded it can actually be quite helpful as the WLC will list a reason for the exclusion, possible conditions are:
Excessive 802.11 Association Failures Excessive 802.11 Authentication Failures Excessive 802.1X Authentication Failures IP Theft or IP Reuse Excessive Web Authentication Failures Debug using CLI:
Client associated 802.1x completed successfully DHCP discover sent by client WLC relays DHCP discover to 1.2.3.4 DHCP server provides an offer (4.3.2.1) Client Requests 4.3.2.1 from DHCP server DHCP server accepts request WLC recognises that the requested IP is already in use (assigned to a virtual interface) Not shown – client is excluded due to IP theft/reuse
Association received dot1x - moving mobile xx:xx:xx:xx:xx:xx into Connecting state EAP State update from Connecting to Authenticating for mobile xx:xx:xx:xx:xx:xx Processing Access-Accept for mobile xx:xx:xx:xx:xx:xx Received Auth Success while in Authenticating state for mobile xx:xx:xx:xx:xx:xx 0.0.0.0 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3) 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state L2AUTHCOMPLETE (4) DHCP received op BOOTREQUEST (1) (len 317,vlan 99, port 13, encap 0xec03) DHCP transmitting DHCP DISCOVER (1) DHCP transmitting DHCP OFFER (2) DHCP sending REQUEST to 1.2.3.4 (len 358, port 13, vlan 32) DHCP received op BOOTREPLY (2) (len 312,vlan 32, port 13, encap 0xec00) DHCP failed to register IP 4.3.2.1 - dropping ACK
