In this post we will see how client information can be found on Converged Access platforms (5760/3850/3650). Normally, client information is stored in 3 different places within the switch:
1. WCM – Wireless Control Module
2. WCDB – Wireless Client DataBase within IOSd
3. Platform or Forwarding Infrastructure
The diagram below shows these components within the switch architecture and the commands you can run to view this information.
Here is an example. The “show wireless client summary” output provides each client's MAC address, connected AP name, WLAN ID, client status and protocol. If the protocol appears as “Mobile” in this output, that client is a roamed client.
3850-1#show wireless client ?
  ap                    Cisco access point information
  calls                 Wireless client calls
  client-statistics     Show clients statistics
  dot11                 Show 802.11 parameters
  location-calibration  wireless client location calibration
  mac-address           Wireless client MAC address
  probing               Show probing clients
  statistic             Show protocol client count
  summary               Show active clients
  tclas                 Show TCLAS associated with a client and User Priority
  timers                Display 802.11 system timers
  top                   top
  username              Shows wireless client information
  voice                 Wireless client voice parameters
  wifidirect            Show wifidirect related attributes

3850-1#show wireless client summary
Number of Local Clients : 2

MAC Address    AP Name                          WLAN State              Protocol
--------------------------------------------------------------------------------
8c70.5a74.2370 xxx-AP06                         22   UP                 11n(5)
9018.7cfa.c6ac N/A                              22   UP                 Mobile
You can find client IP information with the “show wcdb database all” command. As you can see below, the mobility state is shown as “LOCAL” for the local client and “ANCHOR” for the mobile client, indicating that the client has roamed to another AP managed by a different 3850.
3850-1#show wcdb database all
  Total Number of Wireless Clients = 2
  Clients Waiting to Join = 0
  Local Clients = 1
  Anchor Clients = 1
  Foreign Clients = 0
  MTE Clients = 0

Mac Address        VlanId IPv4 Address    Src If             Auth     Mob
------------------ ------ --------------- ------------------ -------- -------
8c70.5a74.2370     1420   x.x.104.29      0x0081670000000007 RUN      LOCAL
9018.7cfa.c6ac     1420   x.x.104.100     0x008094400000003E RUN      ANCHOR
“LOCAL” means that the client connects to an AP managed by this switch and remains on that AP without roaming. Here is the detailed WCDB information for the client in mobility state “LOCAL”. You can find the client's state change history in this output (ASSOCIATE -> L2_AUTH -> LEARN_IP -> RUN).
3850-1#show wcdb database ?
  H.H.H             48-bit hardware address
  all               All WCDB entries
  client-id-db      All Client ID entries
  ip-db             All IP ADDR entries
  non-cisco-wgb-db  All Wired Clients behind Non-Cisco WGB

3850-1#show wcdb database 8c70.5a74.2370
mac: 8c70.5a74.2370
ssid: Wireless2
client_type: Regular Wireless
client_id: 0x00B9D50000000832
client_index: 1978
user_id: xyz
src_interface: 0x00A0080000000028
dst_interface: 0x0000000000000000
bssid: b838.6183.70a0
radio_id: 1
wgbid: 0000.0000.0000
wlan_id: 1
global_wlan_id: 22
assoc_id: 1
vlan_id: 1420
mcast_vlan_id: 1360
mobility_state: LOCAL
auth_state: RUN
auth_state_wcm: RUN
dhcp_req_rx: 0
ipv4_source: DHCP
ipsg_flag: 0
num_v4_addrs: 1
ipv4addr[0]: x.x.104.29
ipv4addr[1]: 0.0.0.0
ipv4addr[2]: 0.0.0.0
ipv4addr[3]: 0.0.0.0
num_v6_addrs: 0
dhcp_server_ip: 0.0.0.0
dhcp_class_name: Test
dhcp_action_flags: 0
option 82:
option_82 length: 0
dhcp_notify_preference_flag: 1
dhcp_notify_interested_options: 0
options_length: 0
options TLV is:
p2p_state: P2P_BLOCKING_DISABLE
bssid_iifid: 0x009C83C0000000A0
radio_iifid: 0x009D0C400000002A
num_protocol_values: 1
Entry no: 0 protocol = 0 type = 0 value = 0
ip_learnt: 0x1
flags: 0x2
switch_num: 0
asic_num: 0
state_change_history:
    Vlan Auth     Mob     Flags IPv4Src IPv4Address(s)   time
2.  1420 LEARN_IP LOCAL   0x2   DHCP    [1] x.x.104.29   08-05-2014 18:35:43.329569
1.  1420 L2_AUTH_ INIT    0x2   UNKNOWN [0]              08-05-2014 18:35:42.465359
0.  1363 ASSOCIAT INIT    0x0   UNKNOWN [0]              08-05-2014 18:35:39.525280
    IPLearnt IPv6Address(s)
2.  0x1      [0]
1.  0x0      [0]
0.  0x0      [0]
In the “show capwap detail” output you can see that “src_interface” corresponds to Ca6, where xxx-AP08 is connected. A “dst_interface” of 0x000…000 indicates the traffic is destined to the switch itself.
3850-1#show capwap ?
  ap-name  CAPWAP Interface Info of an AP
  detail   CAPWAP Interface Details
  summary  CAPWAP Interface Summary

3850-1#show capwap detail
CAPWAP Tunnels General Statistics:
  Number of Capwap Data Tunnels = 8
  Number of Capwap Mobility Tunnels = 7
  Number of Capwap Multicast Tunnels = 1

Name   APName                           Type PhyPortIf Mode      McastIf
------ -------------------------------- ---- --------- --------- -------
Ca0    -                                mob  -         unicast   -
Ca15   -                                mcas -         unicast   -
Ca9    -                                mob  -         unicast   -
.
Ca6    XXX-AP08                         data Gi1/0/1   multicast Ca15
Ca4    XXX-AP02                         data Gi2/0/2   multicast Ca15

Name   SrcIP           SrcPort DestIP          DstPort DtlsEn MTU   Xact
------ --------------- ------- --------------- ------- ------ ----- ----
Ca0    x.y.32.26       16667   x.y.49.1        16667   No     1464  1
Ca15   x.y.32.26       5247    239.160.32.26   5247    No     1449  1
Ca9    x.y.32.26       16667   x.y.32.25       16667   No     1464  1
.
Ca6    x.y.32.26       5247    x.y.32.133      4154    No     1449  0
Ca4    x.y.32.26       5247    x.y.33.66       65196   No     1449  0

Name   IfId               McastRef
------ ------------------ --------
Ca0    0x009D6B4000000001 0
Ca15   0x009417400000007D 8
Ca6    0x00A0080000000028 0
Ca4    0x009A4C000000001A 0
Now if you look at the WCDB client detail for the other client, you will see something like the output below. “ANCHOR” means that the client first associated to an AP managed by this switch (3850-1) and then roamed to an AP managed by a different switch (3850-2). On this switch the client's mobility state is now “ANCHOR”; before that, the client was in the “LOCAL” mobility state.
3850-1#show wcdb database 9018.7cfa.c6ac ?
  |     Output modifiers
  <cr>

3850-1#show wcdb database 9018.7cfa.c6ac
mac: 9018.7cfa.c6ac
ssid: Wireless2
client_type: Regular Wireless
client_id: 0x00A1E6C0000007A9
client_index: 1841
user_id: abc123
src_interface: 0x008094400000003E
dst_interface: 0x0000000000000000
bssid: 0000.0000.0000
radio_id: 0
wgbid: 0000.0000.0000
wlan_id: 1
global_wlan_id: 22
assoc_id: 5
vlan_id: 1420
mcast_vlan_id: 1360
mobility_state: ANCHOR
auth_state: RUN
auth_state_wcm: RUN
dhcp_req_rx: 0
ipv4_source: DHCP
ipsg_flag: 0
num_v4_addrs: 1
ipv4addr[0]: x.x.104.100
ipv4addr[1]: 0.0.0.0
ipv4addr[2]: 0.0.0.0
ipv4addr[3]: 0.0.0.0
num_v6_addrs: 0
dhcp_server_ip: 0.0.0.0
dhcp_class_name: Test
dhcp_action_flags: 0
option 82:
option_82 length: 0
dhcp_notify_preference_flag: 1
dhcp_notify_interested_options: 0
options_length: 0
options TLV is:
p2p_state: P2P_BLOCKING_DISABLE
bssid_iifid: 0x0000000000000000
radio_iifid: 0x0000000000000000
num_protocol_values: 1
Entry no: 0 protocol = 0 type = 0 value = 0
ip_learnt: 0x1
flags: 0x2
switch_num: 0
asic_num: 0
state_change_history:
    Vlan Auth     Mob     Flags IPv4Src IPv4Address(s)   time
3.  1420 RUN      LOCAL   0x2   DHCP    [1] x.x.104.100  08-05-2014 15:03:49.43096
2.  1420 LEARN_IP LOCAL   0x2   DHCP    [1] x.x.104.100  08-05-2014 15:03:42.854828
1.  1420 L2_AUTH_ INIT    0x2   UNKNOWN [0]              08-05-2014 15:03:41.105011
0.  1362 ASSOCIAT INIT    0x0   UNKNOWN [0]              08-05-2014 15:03:38.187555
    IPLearnt IPv6Address(s)
3.  0x1      [0]
2.  0x1      [0]
1.  0x0      [0]
0.  0x0      [0]
In this situation you can see that the traffic is sourced from a different switch (3850-2, x.y.32.25).
3850-1#show capwap detail | in 003E
Ca9    0x008094400000003E 0

3850-1#show capwap detail | be Ca9
Name   SrcIP           SrcPort DestIP          DstPort DtlsEn MTU   Xact
------ --------------- ------- --------------- ------- ------ ----- ----
Ca0    x.y.32.26       16667   x.y.49.1        16667   No     1464  1
Ca7    x.y.32.26       5247    x.y.33.71       30387   No     1449  0
Ca9    x.y.32.26       16667   x.y.32.25       16667   No     1464  1
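The Src If to IfId lookup done by hand above can be scripted. This is an added Python example, not part of the original post or any Cisco tool; the sample text is constructed from the outputs shown in this post (trimmed to two tunnels), and the function names are hypothetical.

```python
import re

# Constructed sample input, trimmed from the outputs in this post. The LOCAL
# client's Src If is taken from its detail view (src_interface).
WCDB_ALL = """\
Mac Address    VlanId IPv4 Address    Src If             Auth     Mob
8c70.5a74.2370 1420   x.x.104.29      0x00A0080000000028 RUN      LOCAL
9018.7cfa.c6ac 1420   x.x.104.100     0x008094400000003E RUN      ANCHOR
"""
CAPWAP_DETAIL = """\
Name   APName   Type PhyPortIf Mode      McastIf
Ca9    -        mob  -         unicast   -
Ca6    XXX-AP08 data Gi1/0/1   multicast Ca15
Name   SrcIP     SrcPort DestIP     DstPort DtlsEn MTU  Xact
Ca9    x.y.32.26 16667   x.y.32.25  16667   No     1464 1
Ca6    x.y.32.26 5247    x.y.32.133 4154    No     1449 0
Name   IfId               McastRef
Ca9    0x008094400000003E 0
Ca6    0x00A0080000000028 0
"""

ROW = re.compile(r"^[ \t]*((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})[ \t]+(\d+)[ \t]+(\S+)"
                 r"[ \t]+(0x[0-9a-f]+)[ \t]+(\S+)[ \t]+(\S+)[ \t]*$", re.I | re.M)

def parse_capwap_detail(text):
    """Merge the three 'show capwap detail' tables into one dict per tunnel."""
    tunnels, header = {}, []
    for fields in map(str.split, text.splitlines()):
        if fields[:1] == ["Name"]:
            header = fields  # a new table starts; remember its column names
        elif fields and re.fullmatch(r"Ca\d+", fields[0]) and len(fields) == len(header):
            tunnels.setdefault(fields[0], {}).update(zip(header, fields))
    return tunnels

def locate_clients(wcdb_text, capwap_text):
    """Resolve each WCDB client's Src If to a CAPWAP tunnel via its IfId."""
    by_ifid = {int(t["IfId"], 16): t for t in parse_capwap_detail(capwap_text).values() if "IfId" in t}
    results = []
    for m in ROW.finditer(wcdb_text):
        mac, _vlan, ip, src_if, auth, mob = m.groups()
        t = by_ifid.get(int(src_if, 16))
        if t is None:  # tunnel missing from the capture (elided or torn down)
            via = "unresolved (no tunnel with this IfId)"
        elif t.get("Type") == "data":  # AP tunnel: client is on an AP of this switch
            via = f"AP {t.get('APName')} on {t.get('PhyPortIf')}"
        else:  # mobility tunnel: client traffic arrives from a peer switch
            via = f"mobility peer {t.get('DestIP')}"
        results.append({"mac": mac.lower(), "ip": ip, "auth": auth, "mob": mob,
                        "tunnel": t["Name"] if t else None, "via": via})
    return results
```

Calling `locate_clients(WCDB_ALL, CAPWAP_DETAIL)` maps the LOCAL client to its AP tunnel and the ANCHOR client to the mobility peer, which is the switch to check next.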
Now if you go to the x.y.32.25 switch, you should be able to see this client's details.
3850-2#show wcdb database all
  Total Number of Wireless Clients = 2
  Clients Waiting to Join = 0
  Local Clients = 1
  Anchor Clients = 0
  Foreign Clients = 1
  MTE Clients = 0

Mac Address    VlanId IPv4 Address    Src If             Auth     Mob
-------------- ------ --------------- ------------------ -------- -------
9018.7cfa.c6ac 1420   x.x.104.100     0x008E6CC000000017 RUN      FOREIGN
0080.9244.fd09 1108   x.x.9.1         0x00A76C0000000010 RUN      LOCAL
You can verify the client's WCDB details as below:
3850-2#show wcdb database 9018.7cfa.c6ac
mac: 9018.7cfa.c6ac
ssid: Wireless2
client_type: Regular Wireless
client_id: 0x00AB5540000004B0
client_index: 1131
user_id: abc123
src_interface: 0x008E6CC000000017
dst_interface: 0x0083A74000000007
bssid: b838.6183.6730
radio_id: 1
wgbid: 0000.0000.0000
wlan_id: 1
global_wlan_id: 22
assoc_id: 7
vlan_id: 1420
mcast_vlan_id: 1360
mobility_state: FOREIGN
auth_state: RUN
auth_state_wcm: RUN
dhcp_req_rx: 0
ipv4_source: DHCP
ipsg_flag: 0
num_v4_addrs: 1
ipv4addr[0]: x.y.104.100
ipv4addr[1]: 0.0.0.0
ipv4addr[2]: 0.0.0.0
ipv4addr[3]: 0.0.0.0
num_v6_addrs: 0
dhcp_server_ip: 0.0.0.0
dhcp_class_name: Test
dhcp_action_flags: 0
option 82:
option_82 length: 0
dhcp_notify_preference_flag: 1
dhcp_notify_interested_options: 0
options_length: 0
options TLV is:
p2p_state: P2P_BLOCKING_DISABLE
bssid_iifid: 0x0092BB8000000022
radio_iifid: 0x008FA4800000001F
num_protocol_values: 1
Entry no: 0 protocol = 0 type = 0 value = 0
ip_learnt: 0x1
flags: 0x2
switch_num: 0
asic_num: 0
state_change_history:
    Vlan Auth     Mob     Flags IPv4Src IPv4Address(s)   time
7.  1420 RUN      FOREIGN 0x2   DHCP    [1] x.y.104.100  08-05-2014 19:32:12.183349
6.  1420 RUN      FOREIGN 0x2   DHCP    [1] x.y.104.100  08-05-2014 19:32:12.182996
5.  1420 RUN      FOREIGN 0x2   DHCP    [1] x.y.104.100  08-05-2014 19:02:50.914053
4.  1420 RUN      FOREIGN 0x2   DHCP    [1] x.y.104.100  08-05-2014 19:02:50.913653
3.  1420 RUN      FOREIGN 0x2   DHCP    [1] x.y.104.100  08-05-2014 18:32:49.712737
2.  1420 RUN      FOREIGN 0x2   DHCP    [1] x.y.104.100  08-05-2014 18:32:49.712373
1.  1420 RUN      FOREIGN 0x2   DHCP    [1] x.y.104.100  08-05-2014 18:03:07.347859
0.  1420 RUN      FOREIGN 0x2   DHCP    [1] x.y.104.100  08-05-2014 18:03:07.347511
    IPLearnt IPv6Address(s)
7.  0x1      [0]
6.  0x1      [0]
5.  0x1      [0]
4.  0x1      [0]
3.  0x1      [0]
2.  0x1      [0]
1.  0x1      [0]
0.  0x1      [0]
This time you can see that the source interface points to Ca10, where xxx-AP02 is connected, and the destination interface points to Ca2, the mobility tunnel established with the anchor 3850 for this client.
3850-2#show capwap detail
CAPWAP Tunnels General Statistics:
  Number of Capwap Data Tunnels = 6
  Number of Capwap Mobility Tunnels = 7
  Number of Capwap Multicast Tunnels = 1

Name   APName                           Type PhyPortIf Mode      McastIf
------ -------------------------------- ---- --------- --------- -------
Ca10   xxx-AP02                         data Gi1/0/3   multicast Ca1
Ca2    -                                mob  -         unicast   -
.

Name   SrcIP           SrcPort DestIP          DstPort DtlsEn MTU   Xact
------ --------------- ------- --------------- ------- ------ ----- ----
.
Ca10   x.y.32.25       5247    x.y.33.72       4115    No     1449  0
Ca2    x.y.32.25       16667   x.y.32.26       16667   No     1464  1

Name   IfId               McastRef
------ ------------------ --------
.
Ca10   0x008E6CC000000017 0
Ca2    0x0083A74000000007 0
As you saw in the above examples, it is important to understand the client mobility states and client authentication status when troubleshooting client connectivity issues. The diagram below shows where to look (WCM or WCDB) depending on the client state (Assoc, L2_AUTH, LEARN_IP, L3_AUTH, RUN) in your troubleshooting process.
Here are some important points about the above flow chart.
1. 802.11 association-related information can be found only in AP debug messages (not from the WLC).
2. Once 802.11 association completes, WCM adds the client entry to WCDB.
3. L2_AUTH (EAP or PSK) occurs afterwards.
4. Once L2_AUTH completes, WCM sends mobility messages to its peers to see whether any of them has information about that client.
5. If no other WLC has client information, the client moves to the LEARN_IP state (learning can be via ARP, DHCP, etc.).
6. If Web Auth is configured, the L3_AUTH state happens next.
7. Once that completes, the client moves to the RUN state once all QoS/Sec policies are applied.
8. If 802.1X is used, AAA accounting starts at that point.
Here is the reference Ciscolive365 presentation used for this post. You can watch the recorded session from the below link
BRKEWN-3021 – Advanced Troubleshooting Converged Access Wireless Deployments (2014 San Francisco)
