Tuesday, Jan 29, 2013

What does the RTD-1-ADDR_FLAP system message mean?

I ran into this very issue many moons ago. Good post by Vinay! 

By: Vinay Sharma - Cisco 
  

Introduction

What does the RTD-1-ADDR_FLAP system message mean?

Resolution

The RTD-1-ADDR_FLAP error message indicates that a MAC address is moving consistently between different ports. This error message is only applicable on the Catalyst 2900XL and 3500XL switches. 

If users move from one Access Point (AP) to another and the MAC address shows up on a  different switch port, the error messages are displayed. These messages do not necessarily mean that there is a problem. They are displayed for informational purposes only.

It is part of normal operation for a  switch to re-learn the MAC address every time it is seen on a different port. This action always generates this message. The RTD-1-ADDR_FLAP system status messages should not necessarily be considered errors,  particularly on ports where there are APs attached.

For example, if there are APs attached to ports 3/4 and 3/5, and clients associated to those APs are roaming back and forth between the two APs, the MAC addresses of the clients are truly moving back and forth between those two switch ports. The status messages are accurate, and there is no cause for alarm.

Additional Information

Error Message

RTD-1-ADDR_FLAP [chars] relearning [dec] addrs per min

Explanation

Normally, MAC addresses are learned once on a port. Occasionally, when a switched network reconfigures, due to either manual or STP reconfiguration, addresses learned on one port are relearned on a different port. However, if there is a port anywhere in the switched domain that is looped back to itself, addresses will jump back and forth between the real port and the port that is in the path to the looped back port. In this message, [chars] is the interface, and [dec] is the number of addresses being learnt.

Recommended Action

Determine the real path (port) to the MAC address. Use the debug ethernet-controller addr command to see the alternate path-port on which the address is being learned. Go to the switch attached to that port. Note that the show cdp neighbors command is useful in determining the next switch. Repeat this procedure until the port is found that is receiving what it is transmitting, and remove that port from the network.

Problem Type

Error message

Products

Access point

Reference

Runtime diagnostic error messages
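
The triage the post describes, as an added example (not part of the Cisco document): flap messages on ports with APs attached are treated as roaming, and flaps on any other port are queued for the path trace in Recommended Action. The sample syslog lines, the AP port list, the `review_rate` threshold and the function names are all constructed assumptions.

```python
import re

# Message format quoted above: RTD-1-ADDR_FLAP [chars] relearning [dec] addrs per min
FLAP_RE = re.compile(
    r"RTD-1-ADDR_FLAP:?\s+(?P<intf>\S+)\s+relearning\s+(?P<count>\d+)\s+addrs per min"
)

# Constructed sample syslog lines (assumed timestamp/host prefix, not a real capture).
SAMPLE_LOG = """\
Jan 29 10:01:00 sw1 %RTD-1-ADDR_FLAP: FastEthernet0/4 relearning 6 addrs per min
Jan 29 10:02:00 sw1 %RTD-1-ADDR_FLAP: FastEthernet0/5 relearning 4 addrs per min
Jan 29 10:02:10 sw1 %LINK-3-UPDOWN: Interface FastEthernet0/9, changed state to up
Jan 29 10:03:00 sw1 %RTD-1-ADDR_FLAP: FastEthernet0/4 relearning 9 addrs per min
Jan 29 10:03:00 sw1 %RTD-1-ADDR_FLAP: FastEthernet0/12 relearning 140 addrs per min
Jan 29 10:04:00 sw1 %RTD-1-ADDR_FLAP: FastEthernet0/12 relearning 155 addrs per min
"""

# Assumption: these are the switch ports with APs attached.
AP_PORTS = {"FastEthernet0/4", "FastEthernet0/5"}


def parse_flaps(text):
    """Return {interface: [addrs-per-minute, ...]} for every ADDR_FLAP line."""
    flaps = {}
    for line in text.splitlines():
        m = FLAP_RE.search(line)
        if m:
            flaps.setdefault(m["intf"], []).append(int(m["count"]))
    return flaps


def triage(text, ap_ports, review_rate=50):
    """Classify each flapping interface.

    roaming: AP port, rate below review_rate (informational, as the post says)
    review:  AP port, but rate at or above review_rate (threshold is an assumption)
    trace:   no AP on the port, so follow Recommended Action to find the real path
    """
    result = {}
    for intf, counts in parse_flaps(text).items():
        peak = max(counts)
        if intf not in ap_ports:
            verdict = "trace"
        elif peak >= review_rate:
            verdict = "review"
        else:
            verdict = "roaming"
        result[intf] = {"peak": peak, "messages": len(counts), "verdict": verdict}
    return result


if __name__ == "__main__":
    for intf, info in sorted(triage(SAMPLE_LOG, AP_PORTS).items()):
        print(f"{intf:18} peak={info['peak']:>4}/min "
              f"msgs={info['messages']} -> {info['verdict']}")
```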

 

Thursday, Dec 15, 2011

Basic Cisco AP Debugging - Autonomous IOS

A great post from Aaron Leonard (Cisco TAC)

These are debugs that you can collect while logged into the IOS CLI.

Basic setup

If you see a prompt that ends in a right angle bracket, like this:

ap>

it means that you are in unprivileged mode, so get privileged (which shows a # prompt):

ap>enable

Password:

ap#

(default username/password on APs is "Cisco".)

Configure NTP, timestamps, line timeout

ap#configure terminal
ap(config)#sntp server 1.2.3.4
ap(config)#service timestamps debug datetime msec
ap(config)#service timestamps log datetime msec
ap(config)#logging rate-limit 500
ap(config)#no logging console   [1]
ap(config)#line con 0
ap(config-line)#no exec-timeout
ap(config-line)#line vty 0 4
ap(config-line)#no exec-timeout
ap(config-line)#end
ap#write   (if you want to save the configuration changes to NVRAM)

[1] If you're going to generate debug messages at an extremely high rate, be sure to turn off console logging, otherwise the AP will hang.  (If your access is via the console, then of course you would need some other way to see the debugs - e.g. write them to a logging buffer, or to an external syslog server.  Or increase the console port speed to 115200.)

 

Collecting debugs from telnet or ssh session

Telnet/ssh into the AP, then enter the command "terminal monitor".  The debug messages will be written to your terminal window.  To save the messages, configure your terminal emulator accordingly.

 

Collecting debugs from a console session

Some special development debug output is written only to the console.  In that case, you must connect a serial cable to the AP's console port and access it via a terminal emulator program (e.g. Windows HyperTerminal talking to a PC COM port).  The default console port speed is 9600 bps, which is too slow to collect a large volume of debugs, so increase the speed to 115200 bps, its maximum:

ap#configure terminal
ap(config)#logging console
ap(config)#line con 0
ap(config-line)#no exec-timeout
ap(config-line)#speed 115200

 

At this point, the terminal emulator program on the serial line will no longer be able to communicate with the console port until you reset its speed to 115200 bps to match.

Radio names

The radios are usually called Dot11Radio0 (2.4GHz) and Dot11Radio1 (5GHz.)

 

 

ajax#show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
BVI1                       10.0.47.21      YES DHCP   up                    up 
Dot11Radio0                unassigned      YES unset  up                    up 
Dot11Radio1                unassigned      YES unset  administratively down down
FastEthernet0              unassigned      YES other  up                    up

You can abbreviate them to do0 and do1:

ajax#show controller do0
[...]
Radio AIR-AP1131G, Base Address 0012.44b3.e000, BBlock version 0.00, Software version 6.20.6
[...]
Configured Frequency: 2442 MHz  Channel 7

 

Basic show commands

 

radio information

 

ajax#show interface dot11radio0
ajax#show controller dot11radio0

 

client information

 

ajax#show dot11 associations
ajax#show dot11 associations all

 

AP information

 

ajax#show config     <= configuration (from NVRAM)
ajax#show run          <= configuration (in memory)
ajax#show version     <= model, version info
ajax#show tech          <= everything - do "term length 0" first

 

Other basic commands

 

ajax#clear dot11 client 0011.2233.4455  <= deauthenticate a client
ajax#clear int dot11radio0              <= reset a radio
ajax#reload                    <= reboot the AP

 

Basic debug commands

 

radio debugs

ajax#no debug dot11 dot11radio0 print printf  <= sometimes necessary to get radio debugs to log correctly

ajax#debug dot11 dot11radio0 trace print ?    <= show list of flags
-- example:
-- debug dot11 dot11radio0 trace print mgmt keys  <= mgmt frames & keying

 

dot1x/RADIUS debugs

 

ajax#debug dot11 aaa authenticator state-machine
ajax#debug dot11 aaa authenticator txdata
ajax#debug dot11 aaa authenticator rxdata
ajax#debug radius

 

Example debug output

This example uses all of the above listed debugs.  This shows a client being deauthed, then successfully associating in LEAP with WPA2/AES.  Note that the messages aren't all logged in order, i.e. the 802.11 association response sent by the AP is logged after the EAP ID-Request message is logged.

 

ajax#clear dot11 client 0040.96b4.7e8f
ajax#
Dec  5 23:14:58.537: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0040.96b4.7e8f Reason: Previous authentication no longer valid
Dec  5 23:14:58.619: 2149F234 t 1     0  - C040 13A B47E8F B3E000 B3E000 8250 deauth l 2
        reason 2
Dec  5 23:14:58.623: 214A02B6-0 0040.96b4.7e8f- delete session key
Dec  5 23:15:02.184: 218059FB r 1      75/ 13- B000 130 B3E000 B47E8F B3E000 0290 auth l 6
        algorithm 128
        sequence 1
        status 0
Dec  5 23:15:02.185: 21805E40 t 1     0  - B000 13A B47E8F B3E000 B3E000 84B0 auth l 6
        algorithm 128
        sequence 2
        status 0
Dec  5 23:15:02.186: 218064A6 r 1      76/ 12- 0000 130 B3E000 B47E8F B3E000 02A0 assreq l 141
        cap 431 infra privacy shorthdr
        listen interval 10
        ssid LEaP
        rates 2 4 B C 12 16 18 24
        extrates 30 48 60 6C
        rsn1 mcst aes ucst aes keymgmt wpa2 cap 2800
        221 - 0 50 F2 2 0 1 0
        aironet AARON-GW-XP load 0 clients 0 hops 0 device 87-0
                refresh 10 CW 0-0 flags 18 distance 0
        IP 10.0.47.206 0
        221 - 0 40 96 1 1 0
        ccxver 5
        221 - 0 40 96 14 7
Dec  5 23:15:02.188: dot11_auth_dot1x_send_id_req_to_client: Sending identity request to 0040.96b4.7e8f
Dec  5 23:15:02.189: EAPOL pak dump tx
Dec  5 23:15:02.189: EAPOL Version: 0x1  type: 0x0  length: 0x0028
Dec  5 23:15:02.189: EAP code: 0x1  id: 0x1  length: 0x0028 type: 0x1
01806BC0:                   01000028 01010028          ...(...(
01806BD0: 01006E65 74776F72 6B69643D 4C456150  ..networkid=LEaP
01806BE0: 2C6E6173 69643D61 6A61782C 706F7274  ,nasid=ajax,port
01806BF0: 69643D30                             id=0
Dec  5 23:15:02.190: dot11_auth_dot1x_send_id_req_to_client: Client 0040.96b4.7e8f timer started for 30 seconds
Dec  5 23:15:02.190: 21806A65-0 0040.96b4.7e8f- session key type 200 len 16, idx: 1, E2164DEDE9F1AA1D
Dec  5 23:15:02.191: 21807239 t 1     0  - 1000 13A B47E8F B3E000 B3E000 84C0 assrsp l 113
        cap 431 infra privacy shorthdr
        status 0
        aid C001
        rates 82 84 8B C 12 96 18 24
        extrates 30 48 60 6C
        aironet ajax load 0 clients 0 hops 0 device 89-2700
                refresh 10 CW 15-1023 flags 1 distance 0
        IP 10.0.47.21 1
        ccxver 5
        221 - 0 40 96 B 9
        221 - 0 40 96 14 1
        221 - 0 50 F2 2 1 1 8C 0 3 A4 0 0 27 A4 0 0 42 43 BC 0 62 32 66 0
Dec  5 23:15:02.192: 218076D6 t 1     0  - 8802 13A B47E8F B3E000 B3E000 C730 q7 l54
  EAP id 1 req ident 0 "networkid=LEaP,nasid=ajax,portid=0"
Dec  5 23:15:02.205: 2180ACD3 r 1      75/ 13- 0801 130 B3E000 B47E8F B3E000 02B0 l21
   0100 0009 0201 0009 016C 6561 7000 0000 0000 0000 00
Dec  5 23:15:02.205: EAPOL pak dump rx
Dec  5 23:15:02.205: EAPOL Version: 0x1  type: 0x0  length: 0x0009
Dec  5 23:15:02.205: EAP code: 0x2  id: 0x1  length: 0x0009 type: 0x1
01803280: 01000009 02010009 016C6561 70        .........leap
Dec  5 23:15:02.206: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 0040.96b4.7e8f
Dec  5 23:15:02.206: dot11_auth_dot1x_send_response_to_server: Sending client 0040.96b4.7e8f data to server
Dec  5 23:15:02.206: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
Dec  5 23:15:02.207: RADIUS/ENCODE(00000B86):Orig. component type = DOT11
Dec  5 23:15:02.207: RADIUS:  AAA Unsupported Attr: ssid              [265] 4
Dec  5 23:15:02.207: RADIUS:   4C 45                                            [LE]
Dec  5 23:15:02.207: RADIUS:  AAA Unsupported Attr: interface         [157] 4
Dec  5 23:15:02.208: RADIUS:   33 31                                            [31]
Dec  5 23:15:02.208: RADIUS(00000B86): Config NAS IP: 0.0.0.0
Dec  5 23:15:02.208: RADIUS/ENCODE(00000B86): acct_session_id: 2948
Dec  5 23:15:02.208: RADIUS(00000B86): sending
Dec  5 23:15:02.208: RADIUS/ENCODE: Best Local IP-Address 10.0.47.21 for Radius-Server 10.0.47.20
Dec  5 23:15:02.208: RADIUS(00000B86): Send Access-Request to 10.0.47.20:1812 id 1645/10, len 123
Dec  5 23:15:02.209: RADIUS:  authenticator 4B A2 CB 82 2F BD 4A DA - E8 78 72 BA 6B A3 04 16
Dec  5 23:15:02.209: RADIUS:  User-Name           [1]   6   "leap"
Dec  5 23:15:02.209: RADIUS:  Framed-MTU          [12]  6   1400
Dec  5 23:15:02.209: RADIUS:  Called-Station-Id   [30]  16  "0012.44b3.e000"
Dec  5 23:15:02.209: RADIUS:  Calling-Station-Id  [31]  16  "0040.96b4.7e8f"
Dec  5 23:15:02.209: RADIUS:  Service-Type        [6]   6   Login                     [1]
Dec  5 23:15:02.209: RADIUS:  Message-Authenticato[80]  18
Dec  5 23:15:02.209: RADIUS:   C2 F3 BA 46 5D CC A7 56 6F 75 CD D5 CF 71 A1 F2  [???F]??Vou???q??]
Dec  5 23:15:02.210: RADIUS:  EAP-Message         [79]  11
Dec  5 23:15:02.210: RADIUS:   02 01 00 09 01 6C 65 61 70                       [?????leap]
Dec  5 23:15:02.210: RADIUS:  NAS-Port-Type       [61]  6   802.11 wireless           [19]
Dec  5 23:15:02.210: RADIUS:  NAS-Port            [5]   6   3196
Dec  5 23:15:02.210: RADIUS:  NAS-Port-Id         [87]  6   "3196"
Dec  5 23:15:02.210: RADIUS:  NAS-IP-Address      [4]   6   10.0.47.21
Dec  5 23:15:02.215: RADIUS: Received from id 1645/10 10.0.47.20:1812, Access-Challenge, len 116
Dec  5 23:15:02.216: RADIUS:  authenticator 89 E3 9A 73 09 D3 BC C7 - F5 3B 33 C4 1F 0D 71 25
Dec  5 23:15:02.216: RADIUS:  EAP-Message         [79]  22
Dec  5 23:15:02.216: RADIUS:   01 02 00 14 11 01 00 08 C2 F9 E3 AE 90 E0 5E 4D  [??????????????^M]
Dec  5 23:15:02.216: RADIUS:   6C 65 61 70                                      [leap]
Dec  5 23:15:02.216: RADIUS:  Session-Timeout     [27]  6   10
Dec  5 23:15:02.216: RADIUS:  State               [24]  50
Dec  5 23:15:02.217: RADIUS:   C2 F9 E3 AE 90 E0 5E 4D 00 00 00 00 00 00 00 00  [??????^M????????]
Dec  5 23:15:02.217: RADIUS:   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [????????????????]
Dec  5 23:15:02.217: RADIUS:   24 B7 93 97 FE D4 04 23 78 5C 05 87 75 00 17 6C  [$??????#x\??u??l]
Dec  5 23:15:02.217: RADIUS:  Message-Authenticato[80]  18
Dec  5 23:15:02.217: RADIUS:   B6 9B A4 4B A5 A0 81 5B CC 75 58 42 A9 3F C1 C3  [???K???[?uXB????]
Dec  5 23:15:02.218: RADIUS(00000B86): Received from id 1645/10
Dec  5 23:15:02.218: RADIUS/DECODE: EAP-Message fragments, 20, total 20 bytes
Dec  5 23:15:02.219: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_REPLY) for 0040.96b4.7e8f
Dec  5 23:15:02.219: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 0040.96b4.7e8f
Dec  5 23:15:02.219: EAPOL pak dump tx
Dec  5 23:15:02.219: EAPOL Version: 0x1  type: 0x0  length: 0x0014
Dec  5 23:15:02.219: EAP code: 0x1  id: 0x2  length: 0x0014 type: 0x11
01800CB0:                   01000014 01020014          ........
01800CC0: 11010008 C2F9E3AE 90E05E4D 6C656170  ....Byc..`^Mleap
01800CD0:
Dec  5 23:15:02.220: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 10 seconds
Dec  5 23:15:02.221: 2180EC54 t 1     0  - 8802 13A B47E8F B3E000 B3E000 C740 q7 l54
  EAP id 2 req leap 0100 08C2 F9E3 AE90 E05E 4D6C 6561 70
Dec  5 23:15:02.224: EAPOL pak dump rx
Dec  5 23:15:02.224: EAPOL Version: 0x1  type: 0x0  length: 0x0024
Dec  5 23:15:02.224: EAP code: 0x2  id: 0x2  length: 0x0024 type: 0x11
01807E10: 01000024 02020024 11010018 75682898  ...$...$....uh(.
01807E20: 897FB670 FA732F1A 09B92150 B21EF0F2  ..6pzs/..9!P2.pr
01807E30: 044CDEE4 6C656170                    .L^dleap
Dec  5 23:15:02.225: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 0040.96b4.7e8f
Dec  5 23:15:02.225: dot11_auth_dot1x_send_response_to_server: Sending client 0040.96b4.7e8f data to server
Dec  5 23:15:02.225: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
Dec  5 23:15:02.226: RADIUS/ENCODE(00000B86):Orig. component type = DOT11
Dec  5 23:15:02.226: RADIUS:  AAA Unsupported Attr: ssid              [265] 4
Dec  5 23:15:02.226: RADIUS:   4C 45                                            [LE]
Dec  5 23:15:02.226: RADIUS:  AAA Unsupported Attr: interface         [157] 4
Dec  5 23:15:02.226: RADIUS:   33 31                                            [31]
Dec  5 23:15:02.226: RADIUS(00000B86): Config NAS IP: 0.0.0.0
Dec  5 23:15:02.227: RADIUS/ENCODE(00000B86): acct_session_id: 2948
Dec  5 23:15:02.227: RADIUS(00000B86): sending
Dec  5 23:15:02.227: RADIUS/ENCODE: Best Local IP-Address 10.0.47.21 for Radius-Server 10.0.47.20
Dec  5 23:15:02.227: RADIUS(00000B86): Send Access-Request to 10.0.47.20:1812 id 1645/11, len 200
Dec  5 23:15:02.227: RADIUS:  authenticator A7 50 BD F4 AA 2D 8A F3 - 92 EF 86 B2 2F 31 89 B4
Dec  5 23:15:02.228: RADIUS:  User-Name           [1]   6   "leap"
Dec  5 23:15:02.228: RADIUS:  Framed-MTU          [12]  6   1400
Dec  5 23:15:02.228: RADIUS:  Called-Station-Id   [30]  16  "0012.44b3.e000"
Dec  5 23:15:02.228: RADIUS:  Calling-Station-Id  [31]  16  "0040.96b4.7e8f"
Dec  5 23:15:02.228: RADIUS:  Service-Type        [6]   6   Login                     [1]
Dec  5 23:15:02.228: RADIUS:  Message-Authenticato[80]  18
Dec  5 23:15:02.228: RADIUS:   BA FE 70 17 A6 67 2B B3 A5 78 35 EB 6D AE 5B 36  [??p??g+??x5?m?[6]
Dec  5 23:15:02.228: RADIUS:  EAP-Message         [79]  38
Dec  5 23:15:02.229: RADIUS:   02 02 00 24 11 01 00 18 75 68 28 98 89 7F B6 70  [???$????uh(????p]
Dec  5 23:15:02.229: RADIUS:   FA 73 2F 1A 09 B9 21 50 B2 1E F0 F2 04 4C DE E4  [?s/???!P?????L??]
Dec  5 23:15:02.229: RADIUS:   6C 65 61 70                                      [leap]
Dec  5 23:15:02.229: RADIUS:  NAS-Port-Type       [61]  6   802.11 wireless           [19]
Dec  5 23:15:02.229: RADIUS:  NAS-Port            [5]   6   3196
Dec  5 23:15:02.230: RADIUS:  NAS-Port-Id         [87]  6   "3196"
Dec  5 23:15:02.230: RADIUS:  State               [24]  50
Dec  5 23:15:02.230: RADIUS:   C2 F9 E3 AE 90 E0 5E 4D 00 00 00 00 00 00 00 00  [??????^M????????]
Dec  5 23:15:02.230: RADIUS:   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [????????????????]
Dec  5 23:15:02.230: RADIUS:   24 B7 93 97 FE D4 04 23 78 5C 05 87 75 00 17 6C  [$??????#x\??u??l]
Dec  5 23:15:02.230: RADIUS:  NAS-IP-Address      [4]   6   10.0.47.21
Dec  5 23:15:02.231: 2180F622 r 1      76/ 13- 0801 130 B3E000 B47E8F B3E000 02C0 l48
   0100 0024 0202 0024 1101 0018 7568 2898 897F B670 FA73 2F1A 09B9 2150
  B21E F0F2 044C DEE4 6C65 6170 0000 0000 0000 0000
Dec  5 23:15:02.245: RADIUS: Received from id 1645/11 10.0.47.20:1812, Access-Challenge, len 94
Dec  5 23:15:02.245: RADIUS:  authenticator FE 64 BD 35 49 E1 0C C4 - 71 F5 9E B1 DE CB 45 9D
Dec  5 23:15:02.246: RADIUS:  EAP-Message         [79]  6
Dec  5 23:15:02.246: RADIUS:   03 02 00 04                                      [????]
Dec  5 23:15:02.246: RADIUS:  State               [24]  50
Dec  5 23:15:02.246: RADIUS:   C2 F9 E3 AE 90 E0 5E 4D 75 68 28 98 89 7F B6 70  [??????^Muh(????p]
Dec  5 23:15:02.246: RADIUS:   FA 73 2F 1A 09 B9 21 50 B2 1E F0 F2 04 4C DE E4  [?s/???!P?????L??]
Dec  5 23:15:02.247: RADIUS:   D4 2C 1C 1C 49 4D 60 80 BC BC AF FC 91 78 37 92  [?,??IM`??????x7?]
Dec  5 23:15:02.247: RADIUS:  Message-Authenticato[80]  18
Dec  5 23:15:02.247: RADIUS:   6E 86 16 34 26 7B 27 89 53 32 0A 49 DE 4E 65 FC  [n??4&{'?S2?I?Ne?]
Dec  5 23:15:02.247: RADIUS(00000B86): Received from id 1645/11
Dec  5 23:15:02.248: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes
Dec  5 23:15:02.248: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_REPLY) for 0040.96b4.7e8f
Dec  5 23:15:02.248: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 0040.96b4.7e8f
Dec  5 23:15:02.248: EAPOL pak dump tx
Dec  5 23:15:02.248: EAPOL Version: 0x1  type: 0x0  length: 0x0004
Dec  5 23:15:02.248: EAP code: 0x3  id: 0x2  length: 0x0004
01808F20: 01000004 03020004                    ........
Dec  5 23:15:02.249: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds
Dec  5 23:15:02.250: 21815D4C t 1     0  - 8802 13A B47E8F B3E000 B3E000 C750 q7 l54
  EAP id 2 success
Dec  5 23:15:02.255: EAPOL pak dump rx
Dec  5 23:15:02.255: EAPOL Version: 0x1  type: 0x0  length: 0x0014
Dec  5 23:15:02.255: EAP code: 0x1  id: 0x2  length: 0x0014 type: 0x11
01804390: 01000014 01020014 11010008 496A7925  ............Ijy%
018043A0: 08614014 6C656170                    .a@.leap
Dec  5 23:15:02.256: dot11_auth_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,CLIENT_REPLY) for 0040.96b4.7e8f
Dec  5 23:15:02.256: dot11_auth_dot1x_send_response_to_server: Sending client 0040.96b4.7e8f data to server
Dec  5 23:15:02.256: dot11_auth_dot1x_send_response_to_server: Started timer server_timeout 60 seconds
Dec  5 23:15:02.257: RADIUS/ENCODE(00000B86):Orig. component type = DOT11
Dec  5 23:15:02.257: RADIUS:  AAA Unsupported Attr: ssid              [265] 4
Dec  5 23:15:02.257: RADIUS:   4C 45                                            [LE]
Dec  5 23:15:02.257: RADIUS:  AAA Unsupported Attr: interface         [157] 4
Dec  5 23:15:02.257: RADIUS:   33 31                                            [31]
Dec  5 23:15:02.258: RADIUS(00000B86): Config NAS IP: 0.0.0.0
Dec  5 23:15:02.258: RADIUS/ENCODE(00000B86): acct_session_id: 2948
Dec  5 23:15:02.258: RADIUS(00000B86): sending
Dec  5 23:15:02.258: RADIUS/ENCODE: Best Local IP-Address 10.0.47.21 for Radius-Server 10.0.47.20
Dec  5 23:15:02.258: RADIUS(00000B86): Send Access-Request to 10.0.47.20:1812 id 1645/12, len 184
Dec  5 23:15:02.258: RADIUS:  authenticator 31 78 B8 F6 26 E4 36 F1 - 88 DB 25 40 53 56 A4 B5
Dec  5 23:15:02.259: RADIUS:  User-Name           [1]   6   "leap"
Dec  5 23:15:02.259: RADIUS:  Framed-MTU          [12]  6   1400
Dec  5 23:15:02.259: RADIUS:  Called-Station-Id   [30]  16  "0012.44b3.e000"
Dec  5 23:15:02.259: RADIUS:  Calling-Station-Id  [31]  16  "0040.96b4.7e8f"
Dec  5 23:15:02.259: RADIUS:  Service-Type        [6]   6   Login                     [1]
Dec  5 23:15:02.259: RADIUS:  Message-Authenticato[80]  18
Dec  5 23:15:02.259: RADIUS:   31 01 9A B3 64 AA 5B DB 6C 76 31 AA A2 CD 3B F6  [1???d?[?lv1???;?]
Dec  5 23:15:02.259: RADIUS:  EAP-Message         [79]  22
Dec  5 23:15:02.260: RADIUS:   01 02 00 14 11 01 00 08 49 6A 79 25 08 61 40 14  [????????Ijy??a@?]
Dec  5 23:15:02.260: RADIUS:   6C 65 61 70                                      [leap]
Dec  5 23:15:02.260: RADIUS:  NAS-Port-Type       [61]  6   802.11 wireless           [19]
Dec  5 23:15:02.260: RADIUS:  NAS-Port            [5]   6   3196
Dec  5 23:15:02.260: RADIUS:  NAS-Port-Id         [87]  6   "3196"
Dec  5 23:15:02.260: RADIUS:  State               [24]  50
Dec  5 23:15:02.261: RADIUS:   C2 F9 E3 AE 90 E0 5E 4D 75 68 28 98 89 7F B6 70  [??????^Muh(????p]
Dec  5 23:15:02.261: RADIUS:   FA 73 2F 1A 09 B9 21 50 B2 1E F0 F2 04 4C DE E4  [?s/???!P?????L??]
Dec  5 23:15:02.261: RADIUS:   D4 2C 1C 1C 49 4D 60 80 BC BC AF FC 91 78 37 92  [?,??IM`??????x7?]
Dec  5 23:15:02.261: RADIUS:  NAS-IP-Address      [4]   6   10.0.47.21
Dec  5 23:15:02.262: 21816FB9 r 1      /75 12- 0801 130 B3E000 B47E8F B3E000 02D0 l32
   0100 0014 0102 0014 1101 0008 496A 7925 0861 4014 6C65 6170 0000 0000
  0000 0000
Dec  5 23:15:02.278: RADIUS: Received from id 1645/12 10.0.47.20:1812, Access-Accept, len 216
Dec  5 23:15:02.278: RADIUS:  authenticator 52 FD 9C 2F 96 3A B9 B1 - F5 C1 59 17 A7 A5 DD FD
Dec  5 23:15:02.278: RADIUS:  EAP-Message         [79]  38
Dec  5 23:15:02.278: RADIUS:   02 02 00 24 11 01 00 18 AC BD 25 1F 89 7B CB 6F  [???$?????????{?o]
Dec  5 23:15:02.279: RADIUS:   42 08 3B 37 62 8D 0D C7 78 9F 11 E3 5C D9 5B F1  [B?;7b???x???\?[?]
Dec  5 23:15:02.279: RADIUS:   6C 65 61 70                                      [leap]
Dec  5 23:15:02.279: RADIUS:  Vendor, Cisco       [26]  59
Dec  5 23:15:02.279: RADIUS:   Cisco AVpair       [1]   53  "leap:session-key=?
p<k2}l;q`o)2AHP2K%GXD>G:"
Dec  5 23:15:02.279: RADIUS:  Vendor, Cisco       [26]  31
Dec  5 23:15:02.279: RADIUS:   Cisco AVpair       [1]   25  "auth-algo-type=eap-leap"
Dec  5 23:15:02.279: RADIUS:  State               [24]  50
Dec  5 23:15:02.280: RADIUS:   C2 F9 E3 AE 90 E0 5E 4D 75 68 28 98 89 7F B6 70  [??????^Muh(????p]
Dec  5 23:15:02.280: RADIUS:   FA 73 2F 1A 09 B9 21 50 B2 1E F0 F2 04 4C DE E4  [?s/???!P?????L??]
Dec  5 23:15:02.280: RADIUS:   D4 2C 1C 1C 49 4D 60 80 BC BC AF FC 91 78 37 92  [?,??IM`??????x7?]
Dec  5 23:15:02.280: RADIUS:  Message-Authenticato[80]  18
Dec  5 23:15:02.280: RADIUS:   A4 B6 3E 73 9D C0 5E 01 EB 1F 6A 57 D7 44 4C DF  [??>s??^???jW?DL?]
Dec  5 23:15:02.281: RADIUS(00000B86): Received from id 1645/12
Dec  5 23:15:02.281: RADIUS/DECODE: EAP-Message fragments, 36, total 36 bytes
Dec  5 23:15:02.281: found leap session key
Dec  5 23:15:02.282: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_PASS) for 0040.96b4.7e8f
Dec  5 23:15:02.282: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 0040.96b4.7e8f
Dec  5 23:15:02.282: EAPOL pak dump tx
Dec  5 23:15:02.282: EAPOL Version: 0x1  type: 0x0  length: 0x0024
Dec  5 23:15:02.282: EAP code: 0x2  id: 0x2  length: 0x0024 type: 0x11
01804AE0: 01000024 02020024 11010018 ACBD251F  ...$...$....,=%.
01804AF0: 897BCB6F 42083B37 628D0DC7 789F11E3  .{KoB.;7b..Gx..c
01804B00: 5CD95BF1 6C656170                    \Y[qleap
Dec  5 23:15:02.283: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds
Dec  5 23:15:02.284: 2181E306 t 1     0  - 8802 13A B47E8F B3E000 B3E000 C760 q7 l54
  EAP id 2 resp leap 0100 18AC BD25 1F89 7BCB 6F42 083B 3762 8D0D C778 9F11
  E35C D95B F16C 6561 70
Dec  5 23:15:02.286: 2181EA22 t 1     0  - 8802 13A B47E8F B3E000 B3E000 C770 q7 l129
  EAPOL2 EAPOL key desc 02  008A 0010 0000 0000 0000 0001 5AD9 47C1 D022
  5AE4 6C06 F77E AFD2 B48A D7CD 4D05 1510 DF8C F732 7D69 E62D A592 0000 0000
Dec  5 23:15:02.298: 21821818 r 1      /76 14- 0801 130 B3E000 B47E8F B3E000 02E0 l161
   0103 0095 0201 0A00 0000 0000 0000 0000 01B1 3B6A A511 28C1 8CD6 A90B
  8797 8C2F F115 1D9A 95C1 9BE1 C07E E9A8 9AA7 86C2 B500 0000 0000 0000 0000
Dec  5 23:15:02.302: 218227E8 t 1     0  - 8802 13A B47E8F B3E000 B3E000 C780 q7 l179
  EAPOL2 EAPOL key desc 02  13CA 0010 0000 0000 0000 0002 5AD9 47C1 D022
  5AE4 6C06 F77E AFD2 B48A D7CD 4D05 1510 DF8C F732 7D69 E62D A592 0000 0000
Dec  5 23:15:02.312: 21824F9A r 1      /76 15- 0801 130 B3E000 B47E8F B3E000 02F0 l107
   0103 005F 0203 0A00 0000 0000 0000 0000 0200 0000 0000 0000 0000 0000
  0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
Dec  5 23:15:02.313: %DOT11-6-ASSOC: Interface Dot11Radio0, Station AARON-GW-XP 0040.96b4.7e8f Associated KEY_MGMT[WPAv2]
Dec  5 23:15:02.314: 218252AE-0 0040.96b4.7e8f- session key type 200 len 16, idx: 0, B0DC14798C4898C6
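
Reading the "EAPOL pak dump" hex by hand is slow, so here is a decoder for it, as an added example that is not part of the original post. The dump text is copied from the debug output above; the function names are made up here, and the LEAP field layout (version, unused, count, value, name) is the commonly documented one, assumed rather than taken from the page.

```python
import re

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 17: "LEAP"}  # 17 is the 0x11 seen in the debug

# Copied from the "EAPOL pak dump" blocks in the debug output above.
ID_REQUEST_DUMP = """\
01806BC0:                   01000028 01010028          ...(...(
01806BD0: 01006E65 74776F72 6B69643D 4C456150  ..networkid=LEaP
01806BE0: 2C6E6173 69643D61 6A61782C 706F7274  ,nasid=ajax,port
01806BF0: 69643D30                             id=0
"""
LEAP_CHALLENGE_DUMP = """\
01800CB0:                   01000014 01020014          ........
01800CC0: 11010008 C2F9E3AE 90E05E4D 6C656170  ....Byc..`^Mleap
"""
SUCCESS_DUMP = "01808F20: 01000004 03020004                    ........"

HEX_WORD = re.compile(r"(?:[0-9A-Fa-f]{2})+")


def dump_to_bytes(dump):
    """Collect the hex words of an IOS memory dump, skipping address and ASCII columns."""
    out = bytearray()
    for line in dump.splitlines():
        _addr, _sep, rest = line.partition(":")
        for token in rest.split():
            if not HEX_WORD.fullmatch(token):
                break  # first non-hex token starts the ASCII column
            out += bytes.fromhex(token)
    return bytes(out)


def decode_eapol(raw):
    """Decode an EAPOL frame carrying an EAP packet into a dict of named fields."""
    if len(raw) < 4:
        raise ValueError("EAPOL header is 4 bytes")
    length = int.from_bytes(raw[2:4], "big")
    body = raw[4:4 + length]  # the length field also trims any stray bytes
    if len(body) < length:
        raise ValueError("dump is shorter than the EAPOL length field")
    info = {"eapol_version": raw[0], "eapol_type": raw[1], "length": length}
    if raw[1] != 0 or length < 4:  # EAPOL type 0 = EAP-Packet
        return info
    eap_len = int.from_bytes(body[2:4], "big")
    info["code"] = EAP_CODES.get(body[0], f"code {body[0]}")
    info["id"] = body[1]
    if body[0] in (1, 2) and eap_len > 4:  # only Request/Response carry a type
        info["method"] = EAP_TYPES.get(body[4], f"type {body[4]}")
        data = body[5:eap_len]
        if body[4] == 1:
            # In this capture the identity request is a NUL followed by option text.
            info["identity"] = data.lstrip(b"\x00").decode("ascii", "replace")
        elif body[4] == 17 and len(data) >= 3:
            count = data[2]  # assumed layout: version, unused, count, value, name
            info["leap_value"] = data[3:3 + count].hex()
            info["leap_name"] = data[3 + count:].decode("ascii", "replace")
    return info


if __name__ == "__main__":
    for dump in (ID_REQUEST_DUMP, LEAP_CHALLENGE_DUMP, SUCCESS_DUMP):
        print(decode_eapol(dump_to_bytes(dump)))
```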

 

More info

 

Quick Start Guide Cisco Aironet 1240AG Series Access Point

 

Configuration Guide

 

AP Command Reference

Sunday, Jun 20, 2010

Autonomous: Carrier Busy Test

  

Back in the day when I couldn’t afford a spectrum or packet analyzer I would often use the next best free thing available. It's called the "carrier busy" test and it’s built into the Cisco Autonomous Access Point.

The carrier busy test will allow you to see what is going on in an environment from 50,000 feet, but that’s about where it ends. It doesn’t have details like a professional analyzer will provide. You could incorporate other commands like frame retries etc to help better interpret “carrier busy”.

Needless to say, it’s a fun command and if you don’t have the proper tools could help you in a pinch. If you do outdoor bridges, you may already use this command to assist on channel assignment.

What is "Carrier Busy"

On a Cisco autonomous access point you can run a command called 'carrier busy'. The AP will shut down the respective radio interface, scan all respective channels and report back with a percentage of channel activity. The channel activity collected includes activity from both 802.11 traffic and interference, sometimes also called RFI (Radio Frequency Interference).

This means that if there is 802.11 traffic and there is also interference, both are computed into this percentage value. Note that when you run the carrier busy test, the radio will do a shut and all associated clients will lose connectivity for between 5 - 8 seconds during the test. After the test, the radio will no shut itself and return to production, allowing clients to associate again.

I have not found any detailed documentation stating exactly how the access point computes these values. If you have any info please do share!

Command for "Carrier Busy"

If your access point has both 802.11g <dot11Radio 0> and 802.11a <dot11Radio 1> radios, you can run the busy test on either the 2.4 GHz or the 5 GHz spectrum.

ap#dot11 <Radio Interface> carrier busy

ap#show dot11 carrier busy

802.11g = dot11Radio 0
802.11a = dot11Radio 1

ap#dot11 dot11Radio 0 carrier busy

 

Example # 1 - Carrier Busy (Normal)

This example is a neighboring access point on channel 11 only sending management frames

ap#dot11 dot11Radio 0 carrier busy

*Mar  2 09:07:33.173: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar  2 09:07:34.173: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down

Frequency  Carrier Busy %
---------  --------------
2412          0
2417          3
2422          0
2427          0
2432          0
2437          0
2442          0
2447          4
2452          5
2457          2
2462          5

*Mar  2 09:07:38.695: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar  2 09:07:39.695: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

 

Example # 2 - Carrier Busy (Microwave)

 I introduced a microwave oven into the mix. You can see there is a significant increase in channel activity from 2447 - 2462. 

ap#dot11 dot11Radio 0 carrier busy

*Mar  2 09:05:52.664: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar  2 09:05:53.664: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down

Frequency  Carrier Busy %
---------  --------------
2412          1
2417          7
2422          5
2427          1
2432          11
2437          13
2442          10
2447          31
2452          36
2457          42
2462          45

*Mar  2 09:05:58.186: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar  2 09:05:59.186: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

ap#

 

Example # 3 - Carrier Busy (ISO Download)

In this example I introduced 2 laptops and conducted an ISO download for the purpose of creating 802.11 traffic.

ap#dot11 dot11Radio 0 carrier busy

*Mar  2 09:07:33.173: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar  2 09:07:34.173: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down

Frequency  Carrier Busy %
---------  --------------
2412          0
2417          3
2422          0
2427          0
2432          0
2437          0
2442          3
2447          9
2452          19
2457          21
2462          23

*Mar  2 09:07:38.695: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar  2 09:07:39.695: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

Conclusion

If you don’t have tools and you are in a pinch the carrier busy test may be a tool you might find helpful. Keep in mind, you will need to incorporate other commands to interpret the carrier busy results.
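
Comparing two carrier busy runs by eye gets tedious, so here is a parser and diff for them, as an added example that is not part of the original post. The two outputs are copied from Example # 1 and Example # 2 above; the 20-point rise threshold, the 1/6/11 candidate channels and the function names are assumptions.

```python
import re

ROW_RE = re.compile(r"^\s*(\d{4})\s+(\d{1,3})\s*$")  # "2412          0"

# Copied from Example # 1 (normal) above, including the surrounding log lines.
NORMAL = """\
*Mar  2 09:07:34.173: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down

Frequency  Carrier Busy %
---------  --------------
2412          0
2417          3
2422          0
2427          0
2432          0
2437          0
2442          0
2447          4
2452          5
2457          2
2462          5

*Mar  2 09:07:38.695: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
"""

# Copied from Example # 2 (microwave) above.
MICROWAVE = """\
Frequency  Carrier Busy %
---------  --------------
2412          1
2417          7
2422          5
2427          1
2432          11
2437          13
2442          10
2447          31
2452          36
2457          42
2462          45
"""


def parse_carrier_busy(text):
    """Return {frequency_mhz: busy_percent}, skipping headers and syslog lines."""
    table = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            table[int(m.group(1))] = int(m.group(2))
    return table


def channel(freq_mhz):
    """Map a 2.4 GHz centre frequency (2412..2472 MHz) to its channel number."""
    if not 2412 <= freq_mhz <= 2472 or (freq_mhz - 2407) % 5:
        raise ValueError(f"not a 2.4 GHz channel centre: {freq_mhz}")
    return (freq_mhz - 2407) // 5


def risers(baseline, sample, min_rise=20):
    """Channels whose busy % rose by at least min_rise: [(channel, before, after)]."""
    return [
        (channel(f), baseline[f], sample[f])
        for f in sorted(sample)
        if f in baseline and sample[f] - baseline[f] >= min_rise
    ]


def quietest(sample, candidates=(1, 6, 11)):
    """Least busy channel among the candidates present in the scan."""
    by_channel = {channel(f): pct for f, pct in sample.items()}
    return min((c for c in candidates if c in by_channel), key=by_channel.get)


if __name__ == "__main__":
    base, mw = parse_carrier_busy(NORMAL), parse_carrier_busy(MICROWAVE)
    for ch, before, after in risers(base, mw):
        print(f"channel {ch:2}: {before}% -> {after}%")
    print("quietest of 1/6/11 during the microwave run:", quietest(mw))
```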

 

Friday, Apr 9, 2010

Autonomous: Enable / Disable Web Browser Interface

 

 

How to enable or disable the web interface on a Cisco access point (autonomous) 

 

The web browser command in the CLI is

"ip http server" for port 80 HTTP

"ip http secure-server" for port 443 HTTPS

ENABLE

ap(config)#ip http server 

ap(config)#ip http secure-server

   

DISABLE - You negate the command with "NO"

ap(config)#NO ip http server

ap(config)#NO ip http secure-server

 

 

 

Friday, Mar 12, 2010

Autonomous: Understanding Cisco AP ARP Caching [Disabled] [Enabled] and [Optional]

 

 

ARP Caching at the access point isn't something normally deployed in the field in my experience, but I wanted to cover it here.  I've done limited testing with this "nerd knob" function in the field. If you have this in production I would like to hear your feedback! 

ARP caching on an access point reduces the traffic on your wireless LAN by stopping ARP requests for client devices at the access point. The good is that you lessen the ARP traffic and lessen the use of the wireless medium. There is also a security benny. If you are familiar with aireplay-ng it works by capturing the ARP packet and replaying it back to the AP to generate traffic. By blocking the ARP at the AP you lessen the upstream ARPs to the wireless clients to be sniffed, but you still have down stream ARPs (wireless clients to LAN). 

ARP CACHE DISABLED:

ap(config)#no dot11 arp-cache <-- Negate dot11 arp-cache with "NO"

When ARP caching is disabled (it is by default), the access point forwards all ARP requests through the radio port to associated clients, and the client to which the ARP request is directed responds.
See FIG 1.

 

 

ARP CACHE ENABLED:

ap(config)#dot11 arp-cache <-- dot11 arp-cache ENABLED

When ARP caching is enabled, the access point responds to ARP requests for associated clients and does not forward requests to clients. When the access point receives an ARP request for an IP address not in the cache, the access point drops the request and does not forward it. Did your ears just perk up!? See Fig 2

 

 

 

ARP CACHE OPTIONAL: 

ap(config)#dot11 arp-cache optional <-- dot11 arp-cache OPTIONAL

When legacy and non-Cisco client devices are associated to an access point and not passing data, the access point might not know the client’s IP address. If this situation occurs frequently on your wireless LAN, you can enable optional ARP caching. When ARP caching is optional, the access point responds on behalf of clients with IP addresses known to the access point but forwards out its radio port any ARP requests addressed to unknown clients. When the access point learns the IP addresses for all associated clients, it drops ARP requests not directed to its associated clients.
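
A small model of the three behaviours described above, as an added example (not Cisco's implementation): it shows what the AP does with an ARP request in each mode, including the legacy client whose IP address the AP has not learned yet. The class, method names, MAC addresses and IP addresses are constructed for illustration.

```python
class ApArpCache:
    """Behavioural model of `dot11 arp-cache` as the text describes it."""

    MODES = ("disabled", "enabled", "optional")

    def __init__(self, mode):
        if mode not in self.MODES:
            raise ValueError(f"unknown mode: {mode}")
        self.mode = mode
        self.clients = {}  # associated client MAC -> IP, or None if not learned yet

    def associate(self, mac, ip=None):
        self.clients[mac] = ip

    def learn_ip(self, mac, ip):
        """The client passed data, so the AP now knows its IP address."""
        self.clients[mac] = ip

    def on_arp_request(self, target_ip):
        """Return what the AP does with an ARP request: forward, reply or drop."""
        if self.mode == "disabled":
            return "forward"            # everything goes out the radio port
        if target_ip in self.clients.values():
            return "reply"              # AP answers on the client's behalf
        if self.mode == "enabled":
            return "drop"               # not in the cache: never forwarded
        # optional: forward only while some associated client's IP is unknown
        if any(ip is None for ip in self.clients.values()):
            return "forward"
        return "drop"


def run_scenario(mode):
    """One Cisco client with a known IP plus one legacy client with an unknown IP."""
    ap = ApArpCache(mode)
    ap.associate("0011.2233.4455", "10.0.0.50")  # IP known to the AP
    ap.associate("0011.2233.4466")               # legacy client, IP not yet known
    steps = [
        ap.on_arp_request("10.0.0.50"),  # known client
        ap.on_arp_request("10.0.0.51"),  # the legacy client's real IP
        ap.on_arp_request("10.0.0.99"),  # not a wireless client at all
    ]
    ap.learn_ip("0011.2233.4466", "10.0.0.51")   # legacy client finally passes data
    steps += [ap.on_arp_request("10.0.0.51"), ap.on_arp_request("10.0.0.99")]
    return steps


if __name__ == "__main__":
    for mode in ApArpCache.MODES:
        print(f"{mode:9}", run_scenario(mode))
```

In the `enabled` run the second step is a drop: until the AP learns the legacy client's address, ARP requests for it never reach the client, which is the case `optional` exists for.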