Using an IOS WGB with EAP-TLS Authentication in a Cisco Unified Wireless Network - Part 7


Troubleshooting

This section describes how to troubleshoot the configuration.

Troubleshooting Commands

The Output Interpreter Tool (OIT) (registered customers only) supports certain show commands. Use the OIT to analyze show command output.

 Note: Before you use debug commands, refer to Important Information on Debug Commands.

Debug Examples

·         WGB-Side Example

·         WLC-Side Example

WGB-Side Example

On the WGB, this example assumes 2.4 GHz; if you use 5 GHz, specify Dot11Radio1 instead of Dot11Radio0.

WGB#no debug dot11 dot11radio0 print printf
 
!--- This runs the radio debugs through 
!--- the standard Cisco IOS logger.
 
WGB#debug dot11 dot11radio0 trace print mgmt uplink
 
!--- radio driver debugs: 802.11 management frames 
!--- and uplink events
 
WGB#debug dot11 supp-sm-dot1x
 
!--- interface to the 802.1X supplicant
 

Here is an example of a normal association, given the previous configuration:

WGB-Side Example

Mar  4 23:22:39.427: 108DD0BF-0 Uplink: Enabling active scan
Mar  4 23:22:39.427: 108DD0D0-0 Uplink: Not busy, scan all channels
Mar  4 23:22:39.427: 108DD0DE-0 Uplink: Scanning
Mar  4 23:22:39.430: 108DDF83-0 Uplink: Rcvd response from 0019.a942.e415 
                                         channel 1 3237
 
 
!--- WGB scans the 2.4 GHz channels, 
!--- found an AP on channel 1.
 
 
Mar  4 23:22:39.470: 108E7B31-0 Uplink: dot11_uplink_scan_done: ssnie_accept
                       returns 0x0 key_mgmt 0x50F201 encrypt_type 0x20
Mar  4 23:22:39.470: 108E7B67-0 Uplink: ssid EAPTLS auth leap
Mar  4 23:22:39.471: 108E7B77-0 Uplink: try 0019.a942.e415, enc 20 key 1, 
                       priv 1, eap 11
Mar  4 23:22:39.471: 108E7B93-0 Uplink: Authenticating
Mar  4 23:22:39.479: 108E9C71 t 1     0  - B000 13A 42E415 B07EB6 42E415 D9E0 
                                                                                auth l 6
                algorithm 128
        sequence 1
        status 0
Mar  4 23:22:39.480: 108EA160 r 1    73/ 26- B000 13A B07EB6 42E415 42E415 5E70
                                     auth l 37
                algorithm 128
        sequence 2
        status 0
        221 - 0 40 96 C 1 A 22 79 95 1A 7C 18 1 0 0 CA 4 0 0 0 0 74 52 EA 
                 31 F4 9E 89 5A
 
 
!--- WGB completes 802.11 authentication.
 
 
Mar  4 23:22:39.480: 108EA1EB-0 Uplink: Associating
Mar  4 23:22:39.481: 108EA951 t 1     0  - 0000 13A 42E415 B07EB6 42E415 D9F0 
                                           assreq l 119
        cap 431 infra privacy shorthdr
        listen interval 200
        ssid EAPTLS
        rates 82 84 8B C 12 96 18 24
        extrates 30 48 60 6C
        aironet WGB.Cisco.COM load 0 clients 0 hops 0 device 7C-2700
                refresh 15 CW 0-0 flags 0 distance 0 
        ccxver 5 
        221 - 0 40 96 14 0
        IP 10.0.47.23 1
        wpa1 mcst tkip ucst tkip keymgmt wpa cap 2800 
        221 - 0 40 96 6 2
Mar  4 23:22:39.484: 108EB2C6 r 1      80/77 19- 1000 13A B07EB6 42E415 42E415
                                       5E80 assrsp l 101
        cap 31 infra privacy shorthdr
        status 0
        aid C003
        rates 82 4 B 16
        aironet AP0019.e802.303 load 0 clients 0 hops 0 device 8F-2700
                refresh 15 CW 31-1023 flags 40 distance 0 
        IP 10.0.47.6 0
        ccxver 5 
        221 - 0 40 96 14 0
        221 - 0 40 96 C 1 A 22 7E 95 1A 7C 18 1 0 0 CB 4 0 0 0 0 FB 4C F3 7D D
                       29 71 E2
 
 
!--- WGB completes 802.11 association.
 
 
Mar  4 23:22:39.486: Uplink address set to 0019.a942.e415
Mar  4 23:22:39.486: Initialising common IOS structures for dot1x
Mar  4 23:22:39.486: Done.
Mar  4 23:22:39.486: DOT1X_SHIM: Start supplicant on Dot11Radio0 
                                 (credentials EAPTLS)
Mar  4 23:22:39.486: DOT1X_SHIM: Starting dot1x_mgr_auth (auth type 128)
Mar  4 23:22:39.486: DOT1X_SHIM: Initialising WPA [or WPA-PSK or CCKM] 
                                 key management module
 
 
!--- Starting the EAP-TLS supplicant
 
 
Mar  4 23:22:39.488: DOT1X_SHIM: Dot1x pkt sent (uplink) 
                                 with dest 0019.a942.e415
Mar  4 23:22:39.489: DOT1X_SHIM: No AAA client found for 0019.a942.e415
                                 (on Dot11Radio0)
Mar  4 23:22:39.489: DOT1X_SHIM: Dot1x pkt sent (uplink)
                                 with dest 0019.a942.e415
Mar  4 23:22:39.490: DOT1X_SHIM: No AAA client found for 0019.a942.e415
                                 (on Dot11Radio0)
 
 
!--- The "No AAA client found" message appears 
!--- to be a bogon and can be ignored.
 
Mar  4 23:22:39.491: DOT1X_SHIM: Dot1x pkt sent (uplink)
                     with dest 0019.a942.e415
Mar  4 23:22:39.491: 108EB9B4-0 Uplink: EAP authenticating
Mar  4 23:22:39.491: 108EBD22 r 11     73/ 4 - 0802 13A B07EB6 42E415 42E415
                                               5E90 l64
   0100 0034 0101 0034 0100 6E65 7477 6F72 6B69 643D 4541 5054 4C53 2C6E
  6173 6964 3D74 7563 736F 6E2D 776C 6332 3030 362C 706F 7274 6964 3D34 0000
Mar  4 23:22:39.492: 108EC770 t 11    0  - 0801 13A 42E415 B07EB6 42E415 
                                           DA00 l68
  EAPOL2 EAPOL start
Mar  4 23:22:39.492: 108ECA4D r 11     74/ 18- 0802 13A B07EB6 42E415 42E415
                                               5EA0 l64
   0100 0034 0102 0034 0100 6E65 7477 6F72 6B69 643D 4541 5054 4C53 2C6E
  6173 6964 3D74 7563 736F 6E2D 776C 6332 3030 362C 706F 7274 6964 3D34 0000
Mar  4 23:22:39.492: 108ECDE2 t 11    0  - 0801 13A 42E415 B07EB6 42E415 
                                           DA10 l68
  EAPOL2 EAP id 1 resp ident "WGB"
Mar  4 23:22:39.493: 108ED000 t 11    0  - 0801 13A 42E415 B07EB6 42E415
                                           DA20 l68
  EAPOL2 EAP id 2 resp ident "WGB"
Mar  4 23:22:39.524: 108F50C4 r 11     74/ 18- 080A 13A B07EB6 42E415 42E415
                                               5EC0 l31
   0100 0013 01AF 0013 1101 0008 E23F 829E AE45 57EB 5747 4200 0000 0000
  0000 00
 
 
!--- The WGB sends an EAPOL START, 
!--- the WLC authenticator sends an EAP ID Request,
!--- and the WGB responds with an EAP ID response. 
 
 
Mar  4 23:22:39.525: DOT1X_SHIM: No AAA client found for 0019.a942.e415
                                 (on Dot11Radio0)
Mar  4 23:22:39.525: DOT1X_SHIM: Dot1x pkt sent (uplink)
                                 with dest 0019.a942.e415
Mar  4 23:22:39.526: 108F57D0 t 11    0  - 0801 13A 42E415 B07EB6 42E415
                                           DA30 l68
  EAPOL2 EAP id 175 resp nak 0D
Mar  4 23:22:39.547: 108FA89C r 11     86/77 19- 080A 13A B07EB6 42E415 42E415
                                                 5ED0 l18
   0100 0006 01B0 0006 0D20 0000 0000 0000 0000
Mar  4 23:22:39.547: DOT1X_SHIM: No AAA client found for 0019.a942.e415
                                 (on Dot11Radio0)
Mar  4 23:22:39.561: DOT1X_SHIM: Dot1x pkt sent (uplink)
                                 with dest 0019.a942.e415
Mar  4 23:22:39.561: 108FE059 t 11    0  - 0801 13A 42E415 B07EB6 42E415
                                           DA40 l86
  EAPOL2 EAP id 176 resp tls 8000 0000 3216 0301 002D 0100 0029 0301 47CD
  D9BF CE1B 71B1 A815 CB99 8C80 8876 39F2 57A3 0F02 F382 147E 9D0C 657E 3AA7
Mar  4 23:22:39.572: DOT1X_SHIM: No AAA client found for 0019.a942.e415
                                                                       (on Dot11Radio0)
Mar  4 23:22:39.573: DOT1X_SHIM: Dot1x pkt sent (uplink)
                                                                       with dest 0019.a942.e415
Mar  4 23:22:39.573: 10900868 r 11     86/77 20- 0802 13A B07EB6 42E415 42E415
                                                                                                         5EF0 l1024
   0100 03F4 01B1 03F4 0DC0 0000 079D 1603 0100 4A02 0000 4603 0147 CDD9
  B413 0683 9734 4D26 136F EC8F ECD3 5D3B 77C7 4D20 7DA1 9B17 D7D3 E4A6 1720
Mar  4 23:22:39.574: 109012E6 t 11    1  - 0809 13A 42E415 B07EB6 42E415 
                                                                                           DA50 l68
  EAPOL2 EAP id 177 resp tls 00
Mar  4 23:22:39.582: DOT1X_SHIM: No AAA client found for 0019.a942.e415
                                                                       (on Dot11Radio0)
Mar  4 23:22:39.734: DOT1X_SHIM: Dot1x pkt sent (uplink)
                                 with dest 0019.a942.e415
Mar  4 23:22:39.735: 1090317E r 11     /78 19- 0802 13A B07EB6 42E415 42E415
                                               5F00 l965
   0100 03B9 01B2 03B9 0D00 C687 1DB6 065B 2467 2609 EE5F 9C64 F3A9 C199
  493E 2B79 F157 1765 6C2F C409 4D54 7DA4 6791 4859 ECAA 685B 0F66 C5E9 22A6
Mar  4 23:22:39.736: 10928A31 t 11    0  - 0801 13A 42E415 B07EB6 42E415
                                           DA60 l1239
  EAPOL2 EAP id 178 resp tls 8000 0004 B316 0301 036D 0B00 0369 0003 6600
  0363 3082 035F 3082 0247 A003 0201 0202 0A13 79B0 7200 0000 0000 0C30 0D06
Mar  4 23:22:39.755: 1092D464 r 11     /78 18- 0802 13A B07EB6 42E415 
                                              42E415 5F40 l65
   0100 0035 01B3 0035 0D80 0000 002B 1403 0100 0101 1603 0100 20B8 EBFA
  2DDB 2E1A BF84 37A8 892C 84C5 50B2 B1A5 6F3E B2B5 981A 2899 1DE2 B470 6800
Mar  4 23:22:39.755: DOT1X_SHIM: No AAA client found for 0019.a942.e415
                                (on Dot11Radio0)
Mar  4 23:22:39.760: DOT1X_SHIM: Dot1x pkt sent (uplink)
                                 with dest 0019.a942.e415
Mar  4 23:22:39.760: 1092E92C t 11    0  - 0801 13A 42E415 B07EB6 42E415
                                           DA70 l68
  EAPOL2 EAP id 179 resp tls 00
Mar  4 23:22:39.770: 10930F50 r 11     75/80 19- 0802 13A B07EB6 42E415 42E415
                                                 5F60 l16
   0100 0004 03B3 0004 0000 0000 0000 0000
Mar  4 23:22:39.770: DOT1X_SHIM: No AAA client found for 0019.a942.e415
                                 (on Dot11Radio0)
Mar  4 23:22:39.774: DOT1X_SHIM: Received Dot1x success - Authenticated   
                          with EAP-TLS
 
 
!--- EAP-TLS authentication is successful, 
!--- now come the keys.
 
 
Mar  4 23:22:39.774: DOT1X_SHIM: treat key material as wpa-v1 v2 pmk
Mar  4 23:22:39.774: DOT1X_SHIM: WPA PMK key size truncated from 64 to 32
Mar  4 23:22:39.777: DOT1X_SHIM: Got Eapol key packet from dot1x manager
Mar  4 23:22:39.777: DOT1X_SHIM: Passing key packet to KM module
Mar  4 23:22:39.777: supp_km_processKey: descriptor type = 254
Mar  4 23:22:39.777: supp_km_processKey: key length = 137
Mar  4 23:22:39.778: 109319B7 r 11     /77 16- 080A 13A B07EB6 42E415 42E415
                                               5F70 l107
   0103 005F FE00 8900 2000 0000 0000 0000 006E 64D0 C659 1C91 11D2 6040
  C251 0592 E6B6 3799 0EDE B1BD B3A6 87B7 8C9B 0D5E DF00 0000 0000 0000 0000
Mar  4 23:22:39.779: 109332C2 t 11    1  - 0809 13A 42E415 B07EB6 42E415
                                           DA80 l133
  EAPOL key desc FE info 109 len 20 replay 0000000000000000
         nonce 11AADA303F5F9B2357A932B3093483905E69F8408D019FB2EF56F7AD706F0759
         iv 00000000000000000000000000000000 rsc 0000000000000000
         id 0000000000000000 mic DBD06C383B83E3478F802844095E9444
        datalen 1A key DD18 0050 F201 0100 0050 F202 0100 0050 F202 0100
                 0050 F201
  2800
Mar  4 23:22:39.780: 109336C1 r 11     83/78 18- 0802 13A B07EB6 42E415 42E415
                                                 5F80 l133
   0103 0079 FE01 C900 2000 0000 0000 0000 016E 64D0 C659 1C91 11D2 6040
  C251 0592 E6B6 3799 0EDE B1BD B3A6 87B7 8C9B 0D5E DF6E 64D0 C659 1C91 11D2
Mar  4 23:22:39.781: DOT1X_SHIM: Got Eapol key packet from dot1x manager
Mar  4 23:22:39.781: DOT1X_SHIM: Passing key packet to KM module
Mar  4 23:22:39.781: supp_km_processKey: descriptor type = 254
Mar  4 23:22:39.781: supp_km_processKey: key length = 457
Mar  4 23:22:39.781: dot1x_pakio_plumb_keys: trying to plumb PTK key
Mar  4 23:22:39.782: 10933E11 t 11    0  - 0801 13A 42E415 B07EB6 42E415
                                           DA90 l107
  EAPOL key desc FE info 109 len 20 replay 0000000000000001
         nonce 0000000000000000000000000000000000000000000000000000000000000000
         iv 00000000000000000000000000000000 rsc 0000000000000000
         id 0000000000000000 mic 3A59680D1130EC24B00F7246F9D0738F
        datalen 0 key
Mar  4 23:22:39.785: 10934749 r 11     88/77 17- 0842 13A B07EB6 42E415 42E415
                                                 5F90 l155
  IV 0103007F-FE039100   2000 0000 0000 0000 026E 64D0 C659 1C91 11D2 6040
  C251 0592 E6B6 3799 0EDE B1BD B3A6 87B7 8C9B 0D5E D76E 64D0 C659 1C91 11D2
Mar  4 23:22:39.785: DOT1X_SHIM: Got Eapol key packet from dot1x manager
Mar  4 23:22:39.785: DOT1X_SHIM: Passing key packet to KM module
Mar  4 23:22:39.785: supp_km_processKey: descriptor type = 254
Mar  4 23:22:39.785: supp_km_processKey: key length = 913
Mar  4 23:22:39.786: dot1x_pakio_plumb_keys: trying to plumb vlan 
                                             key - length: 32
Mar  4 23:22:39.787: %DOT11-4-UPLINK_ESTABLISHED: Interface Dot11Radio0, 
                 Associated To AP AP0019.e802.303 0019.a942.e415 [EAP-TLS WPA]
Mar  4 23:22:39.787: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
Mar  4 23:22:39.789: 10934D63-0 Uplink: Done
Mar  4 23:22:39.789: 10934D94-0 Interface up
Mar  4 23:22:39.790: 10934ED7 t 11    0  - 0841 13A 42E415 B07EB6 42E415
                                            DAA0 l115
  EAPOL key desc FE info 311 len 0 replay 0000000000000002
         nonce 0000000000000000000000000000000000000000000000000000000000000000
         iv 00000000000000000000000000000000 rsc 0000000000000000
         id 0000000000000000 mic DA60CCDAE27E7362B9B720B52715E081
        datalen 0 key
 
 
!--- The keys are all distributed, 
!--- and the Dot11Radio0 interface is fully up.
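
To read the raw hex dumps on the `r 11` lines of this debug, the following added example (not part of the original Cisco document) decodes the EAPOL and EAP headers of frames copied from the output above. The function name `decode_eapol` and the frame labels are hypothetical; the hex strings are the leading bytes of received frames shown in the debug.

```python
import struct

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 17: "LEAP"}
TLS_FLAGS = ((0x80, "length-included"), (0x40, "more-fragments"), (0x20, "start"))


def decode_eapol(hexdump):
    """Decode EAPOL and EAP headers from a (possibly truncated) debug hex dump."""
    raw = bytes.fromhex("".join(hexdump.split()))
    if len(raw) < 4:
        raise ValueError("need at least the 4-byte EAPOL header")
    version, ptype, length = struct.unpack_from("!BBH", raw, 0)
    out = {"version": version, "type": EAPOL_TYPES.get(ptype, ptype), "length": length}
    if ptype == 3 and len(raw) >= 9:
        # EAPOL-Key body starts with: descriptor type, key information, key length
        desc, info, klen = struct.unpack_from("!BHH", raw, 4)
        out.update(descriptor=desc, key_info=info, key_length=klen)
    elif ptype == 0 and len(raw) >= 8:
        code, ident, eap_len = struct.unpack_from("!BBH", raw, 4)
        out.update(code=EAP_CODES.get(code, code), id=ident)
        if code in (1, 2) and eap_len > 4 and len(raw) > 8:
            method = raw[8]
            body = raw[9:4 + eap_len]  # method data, bounded by the EAP length
            out["method"] = EAP_TYPES.get(method, method)
            if method == 1:
                out["identity"] = body.strip(b"\x00").decode("ascii", "replace")
            elif method == 13 and body:
                out["tls_flags"] = [n for bit, n in TLS_FLAGS if body[0] & bit]
    return out


# Leading bytes of frames the WGB received ("r 11" lines) in the debug above.
FRAMES = {
    "identity request": "0100 0034 0101 0034 0100 6E65 7477 6F72 6B69 643D 4541 "
                        "5054 4C53 2C6E 6173 6964 3D74 7563 736F 6E2D 776C 6332 "
                        "3030 362C 706F 7274 6964 3D34 0000",
    "first method offer": "0100 0013 01AF 0013 1101 0008 E23F 829E",
    "EAP-TLS start": "0100 0006 01B0 0006 0D20 0000 0000 0000 0000",
    "EAP success": "0100 0004 03B3 0004 0000 0000 0000 0000",
    "EAPOL-Key 1": "0103 005F FE00 8900 2000 0000 0000 0000",
}

if __name__ == "__main__":
    for name, dump in FRAMES.items():
        print(f"{name:20} {decode_eapol(dump)}")
```

Decoded this way, the request with id 175 offers EAP type 17 (LEAP), which the WGB declines with `resp nak 0D` before the EAP-TLS Start arrives as id 176. The three `supp_km_processKey: key length` values in the debug (137, 457, 913) equal the key-information fields of the corresponding EAPOL-Key frames (0x0089, 0x01C9, 0x0391), while the key-length field itself is 0x0020.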

 
