Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
********************************************** 9800. 17.6.4 10.126.1.68 172.30.3.64 ISE 2.6 172.30.3.64 ******************************************** issue: ISE issues -ror 5440 Endpoint abandoned Analysis: We noticed in the captures taken on the uplink of the WLC and TCP dump from ISE, that the WLC is not incrementing the radius ID and is stuck on 249 and 250 ID. Hover, EAP iD are incrementing correctly tis results on clients getting issue to authenticate with ISE. >>>>>>>>> THIS IS THE LAST EAP ID SEEN IN THE CAPTURE [124] <<<<<<<<<<<<<<<<< 2023/01/11 20:56:39.586134 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [0000.0000.0000:capwap_9000000a] Setting EAPOL eth-type to 0x888e, destination mac to dc1b.a19b.468c 2023/01/11 20:56:39.586136 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [0000.0000.0000:capwap_9000000a] Sending out EAPOL packet 2023/01/11 20:56:39.586219 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [dc1b.a19b.468c:capwap_9000000a] Sent EAPOL packet - Version : 3,EAPOL Type : EAP, Payload Length : 6, EAP-Type = EAP-TLS 2023/01/11 20:56:39.586221 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [dc1b.a19b.468c:capwap_9000000a] EAP Packet - REQUEST, ID : 0x7c >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> 124 !!!!! 2023/01/11 20:56:39.586224 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [0000.0000.0000:unknown] Pkt body: 01 7c 00 06 0d 00 2023/01/11 20:56:39.586229 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [dc1b.a19b.468c:capwap_9000000a] EAPOL packet sent to client 2023/01/11 20:56:39.589903 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [dc1b.a19b.468c:capwap_9000000a] Received EAPOL packet - Version : 1,EAPOL Type : EAP, Payload Length : 1492, EAP-Type = EAP-TLS 2023/01/11 20:56:39.589906 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [dc1b.a19b.468c:capwap_9000000a] EAP Packet - RESPONSE, ID : 0x7c >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> 124!!!!! 2023/01/11 20:56:39.589922 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [0000.0000.0000:unknown] Pkt body: 02 7c 05 d4 0d 40 2d 33 31 33 34 30 37 35 37 39 34 2d 37 33 38 39 34 37 32 30 31 2d 34 32 30 36 36 38 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 11 03 28 b6 c8 dd e2 17 71 18 2023/01/11 20:56:39.589925 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [0000.0000.0000:capwap_9000000a] Queuing an EAPOL pkt on Authenticator Q 2023/01/11 20:56:39.589945 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [0000.0000.0000:capwap_9000000a] Dequeued pkt: CODE = 2,TYPE = 13,LEN = 1492 2023/01/11 20:56:39.589951 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [0000.0000.0000:capwap_9000000a] Received pkt saddr = dc1b.a19b.468c , daddr = f4db.e647.52e0, pae-ether-type = 0x888E 2023/01/11 20:56:39.590043 {wncd_x_R0-0}{1}: [sadb-attr] [17043]: (info): Removing ipv6 addresses from the attr list -2130704187,sm_ctx = 0x8080622000, num_ipv6 = 1 2023/01/11 20:56:39.590110 {wncd_x_R0-0}{1}: [caaa-authen] [17043]: (info): [CAAA:AUTHEN:3100000c] NULL ATTR LIST 2023/01/11 20:56:39.590391 {wncd_x_R0-0}{1}: [radius] [17043]: (info): RADIUS: Send Access-Request to 172.30.3.64:1812 id 0/250, len 2058 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> 250!!!!! 2023/01/11 20:56:39.590400 {wncd_x_R0-0}{1}: [radius] [17043]: (info): RADIUS: authenticator e6 e3 99 0d 08 0c ee b9 - 87 30 bb ec 0c 6e d8 4a 2023/01/ >>>>>>>>>> ACCOUNTING EXPIRED 2023/01/11 20:56:41.649266 {wncd_x_R0-0}{1}: [auth-mgr] [17043]: (info): [dc1b.a19b.468c:capwap_9000000a] Accounting timer (0) expired for client dc1b.a19b.468c >>>>> RETRASMISSION NOT SEEN IN THE CAPTURE 2023/01/11 20:56:44.592930 {wncd_x_R0-0}{1}: [radius] [17043]: (info): RADIUS: Retransmit to (172.30.3.64:1812,1813) for id 0/250 2023/01/11 20:56:44.592938 {wncd_x_R0-0}{1}: [radius] [17043]: (info): RADIUS(00000000): Route radius Pkt on vrf:0 for:Access-Request to 172.30.3.64:1812 2023/01/11 20:56:44.593025 {wncd_x_R0-0}{1}: [radius] [17043]: (info): RADIUS: authenticator e6 e3 99 0d 08 0c ee b9 - 87 30 bb ec 0c 6e d8 4a 2023/01/11 20 2023/01/11 20:56:49.594113 {wncd_x_R0-0}{1}: [radius] [17043]: (info): RADIUS: Retransmit to (172.30.3.64:1812,1813) for id 0/250 2023/01/11 20:56:49.594119 {wncd_x_R0-0}{1}: [radius] [17043]: (info): RADIUS(00000000): Route radius Pkt on vrf:0 for:Access-Request to 172.30.3.64:1812 2023/01/11 20:56:49.594210 {wncd_x_R0-0}{1}: [radius] [17043]: (info): RADIUS: authenticator e6 e3 99 0d 08 0c ee b9 - 87 30 bb ec 0c 6e d8 4a 2023/0 2023/01/11 20:56:49.595689 {wncd_x_R0-0}{1}: [radius] [17043]: (info): RADIUS: Started 5 sec timeout 2023/01/11 20:56:54.595398 {wncd_x_R0-0}{1}: [radius] [17043]: (info): RADIUS: Retransmit to (172.30.3.64:1812,1813) for id 0/250 2023/01/11 20:56:57.594581 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [dc1b.a19b.468c:capwap_9000000a] Received EAPOL packet - Version : 1,EAPOL Type : START, Payload Length : 0 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> EAPOL START 2023/01/11 20:56:57.594607 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [0000.0000.0000:capwap_9000000a] Dequeued pkt: CODE = 0,TYPE = 0,LEN = 0 2023/01/11 20:56:57.594614 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [0000.0000.0000:capwap_9000000a] Received pkt saddr = dc1b.a19b.468c , daddr = f4db.e647.52e0, pae-ether-type = 0x888E 2023/01/11 20:56:57.594636 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [dc1b.a19b.468c:capwap_9000000a] Posting EAPOL_START on Client 2023/01/11 20:56:57.594681 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [dc1b.a19b.468c:capwap_9000000a] Entering init state 2023/01/11 20:56:57.594691 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [dc1b.a19b.468c:capwap_9000000a] Entering idle state 2023/01/11 20:56:57.594696 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [dc1b.a19b.468c:capwap_9000000a] Posting !AUTH_ABORT on Client 2023/01/11 20:56:57.594702 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [dc1b.a19b.468c:capwap_9000000a] Entering restart state 2023/01/11 20:56:57.594705 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [dc1b.a19b.468c:capwap_9000000a] Resetting the client 0x0300000C 2023/01/11 20:56:57.594719 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [dc1b.a19b.468c:capwap_9000000a] Override cfg - MAC dc1b.a19b.468c - profile Teck-EAP-Profile 2023/01/11 20:56:57.594721 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [dc1b.a19b.468c:capwap_9000000a] Override cfg - SuppTimeout 30s, ReAuthMax 2, MaxReq 2, TxPeriod 30s 2023/01/11 20:56:57.594725 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [dc1b.a19b.468c:capwap_9000000a] Sending create new context event to EAP for 0x0300000C (dc1b.a19b.468c) 2023/01/11 20:56:57.594822 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [dc1b.a19b.468c:capwap_9000000a] Posting !EAP_RESTART on Client 2023/01/11 20:56:57.594826 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [dc1b.a19b.468c:capwap_9000000a] Enter connecting state 2023/01/11 20:56:57.594830 {wncd_x_R0-0}{1}: [dot1x] [17043]: (info): [dc1b.a19b.468c:capwap_9000000a] Restart connecting *************************************************************************************************************************************
********************************************** 9800 17.6.4 10.126.1.68 172.30.3.64 ISE 2.6 172.30.3.64 ********************************************
N/A
********************************************** 9800 17.6.4 10.126.1.68 172.30.3.64 ISE 2.6 172.30.3.64 ******************************************** issue: ISE issues -ror 5440 Endpoint abandoned Analysis: We noticed in the captures taken on the uplink of the WLC and TCP dump from ISE, that the WLC is not incrementing the radius ID and is stuck on 249 and 250 ID. Hover, EAP iD are incrementing correctly tis results on clients getting issue to authenticate with ISE.