Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1037
Views
0
Helpful
2
Replies

WLC 7.0.220 - USER_ADD_FAILED

Hosam Badreldin
Level 1
Level 1

‎04-16-2012 09:11 AM - edited ‎07-03-2021 10:00 PM

Here is what I'm getting:

*Dot1x_NW_MsgTask_0: Apr 16 10:08:53.443: %APF-1-USER_ADD_FAILED: apf_ms.c:5665 Unable to create username mag12 for mobile00:21:5f:b2:f6:87.

I have WPA2 with 802.1X ties back to ACS 5.3. Works great, but I got a client having a problem today. Cisco doesn't say much about this error and it consider it an internal error? How to fix it? what does it mean exactly? Anybody?

Here is my CLI debug output last few lines:

*dot1xMsgTask: Apr 16 09:08:38.460: 00:22:5f:b3:f6:87 Stopping reauth timeout for 00:22:5f:b3:f6:87

*dot1xMsgTask: Apr 16 09:08:38.460: 00:22:5f:b3:f6:87 dot1x - moving mobile 00:22:5f:b3:f6:87 into Connecting state

*dot1xMsgTask: Apr 16 09:08:38.461: 00:22:5f:b3:f6:87 Sending EAP-Request/Identity to mobile 00:22:5f:b3:f6:87 (EAP Id 1)

*Dot1x_NW_MsgTask_0: Apr 16 09:08:38.465: 00:22:5f:b3:f6:87 Received EAPOL EAPPKT from mobile 00:22:5f:b3:f6:87

*Dot1x_NW_MsgTask_0: Apr 16 09:09:09.488: 00:22:5f:b3:f6:87 Received EAPOL START from mobile 00:22:5f:b3:f6:87

*Dot1x_NW_MsgTask_0: Apr 16 09:09:09.488: 00:22:5f:b3:f6:87 dot1x - moving mobile 00:22:5f:b3:f6:87 into Connecting state

*Dot1x_NW_MsgTask_0: Apr 16 09:09:09.489: 00:22:5f:b3:f6:87 Sending EAP-Request/Identity to mobile 00:22:5f:b3:f6:87 (EAP Id 2)

*Dot1x_NW_MsgTask_0: Apr 16 09:09:09.493: 00:22:5f:b3:f6:87 Received EAPOL EAPPKT from mobile 00:22:5f:b3:f6:87

2 people had this problem
Labels:
0 Helpful
2 Replies 2

Stephen Rodriguez
Cisco Employee
Cisco Employee

‎04-16-2012 09:21 AM

Looks like there may be a stuck/stale entry in the MSCB that is not allowing that client to be added.

You could try rebooting the WLC to see if it clears it.

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

Hosam Badreldin
Level 1
Level 1
In response to Stephen Rodriguez

‎04-16-2012 09:27 AM

There is noway we can clear the MCSB entry table for that controller from command line? The user is able to authenticate from time to time so it is an intermittent issue.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card