[go: up one dir, main page]

100% found this document useful (1 vote)
53 views100 pages

Symbol Ws5100 Troubleshooting Guide

Uploaded by

László Szabó
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
100% found this document useful (1 vote)
53 views100 pages

Symbol Ws5100 Troubleshooting Guide

Uploaded by

László Szabó
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 100



WS5100 Series Switch


Troubleshooting Guide
© 2007 Motorola, Inc. All rights reserved.

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Symbol is a registered
trademark of Symbol Technologies, Inc. All other product or service names are the property of their respective owners.
Contents
Chapter 1. Overview
1.1 Wireless Switch Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
1.1.1 Switch Does Not Boot Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
1.1.2 Switch Takes a Long Time to Start Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
1.1.3 Switch Does Not Obtain an IP Address through DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
1.1.4 Switch is Stuck in a Booting Loop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
1.1.5 Unable to Connect to the Switch using Telnet or SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
1.1.6 Web UI is Sluggish, Does Not Refresh Properly, or Does Not Respond. . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
1.1.7 Console Port is Not Responding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4
1.1.8 Shutting Down the Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4
1.1.8.1 Shutting Down the Switch Using the 1.4.x/2.x Shutdown Command . . . . . . . . . . . . . . . . . . . . . . . 1-4
1.1.8.2 Shutting Down the Switch Using the Halt Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5
1.2 Access Port Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
1.2.1 Access Ports are Not Adopted. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
1.3 Mobile Unit Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
1.3.1 Access Port Adopted, but MU is Not Being Associated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
1.3.2 MUs Cannot Associate and/or Authenticate with Access Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
1.3.3 Poor Voice Quality Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
1.4 Failover Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
1.4.1 Switch is Not Failing Over . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8
1.4.2 Switch is Failing Over Too Frequently . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8
1.5 Installation Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8
1.5.1 After Upgrade, Version Number Has Not Changed. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9
1.6 Miscellaneous Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9
1.6.1 Excessive Fragmented Data or Excessive Broadcast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9
1.6.2 Excessive Memory Leak. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9
1.7 System Logging Mechanism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10

Chapter 2. Syslog Messages &


MU Disassociation Codes
2.1 Syslog Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
2.2 MU Dissasociation Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-46

Chapter 3. Security Issues


3.2 RADIUS Troubleshooting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2
3.2.1 Troubleshooting RADIUS Accounting Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
3.3 Rogue AP Detection Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
3.4 Troubleshooting Firewall Configuration Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
TOC-ii WS5100 Series Switch Troubleshooting Guide

Chapter 4. Network Events and Kern Messages


4.1 KERN Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12

Chapter 5. LED Information


5.1 LED Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
5.1.1 Start Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
5.1.2 Primary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
5.1.3 Standby . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
5.1.4 Error Codes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2

Chapter 6. Updating the System Image


6.1 Upgrading the Switch Image from 1.4.x or 2.x to Version 3.x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
6.2 Downgrading the Switch Image from Version 3.x to 1.4.x or 2.x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2

Chapter 7. Troubleshooting SNMP Issues


About This Guide
Introduction
This guide provides information for troubleshooting issues on the WS 5100 Series Switch.

NOTE: Screens and windows pictured in this guide are samples and can differ from actual
screens.

Documentation Set
The documentation set for the WS5100 Series Switch is partitioned into the following guides to provide
information for specific user needs.
• WS5100 System Reference - describes WS5100 Series Switch Web UI configuration activities and the
resulting network behavior.
• WS5100 Installation Guide - describes the basic setup and configuration required to transition to more
advanced configuration of the switch.
• WS5100 CLI Reference - describes the Command Line Interface (CLI) and Management Information
Base (MIB) commands used to configure the WS5100 Series Switch.
• WS5100 Migration Guide - provides upgrade instructions and new feature descriptions for legacy
users of the WS5100 Series Switch.

Document Conventions
NOTE: Indicate tips or special requirements.

CAUTION: Indicates conditions that can cause equipment damage or data loss.
!
WARNING! Indicates a condition or procedure that could result in personal
injury or equipment damage.
-viii WS5100 Series Switch Troubleshooting Guide

Notational Conventions
The following additional notational conventions are used in this document:
• Italics are used to highlight the following:
• Chapters and sections in this and related documents
• Dialog box, window and screen names
• Drop-down list and list box names
• Check box and radio button names
• Icons on a screen.
• GUI text is used to highlight the following:
• Screen names
• Menu items
• Button names on a screen.
• bullets (•) indicate:
• Action items
• Lists of alternatives
• Lists of required steps that are not necessarily sequential
• Sequential lists (e.g., those that describe step-by-step procedures) appear as numbered lists.
Overview

This chapter describes common system issues and what to look for while diagnosing the cause of a problem.
Wherever possible, it includes possible suggestions or solutions to resolve the issues.
The following sections are included:
• Wireless Switch Issues
• Access Port Issues
• Mobile Unit Issues
• Failover Issues
• Installation Issues
• Miscellaneous Issues
• System Logging Mechanism

1.1 Wireless Switch Issues


This section describes various issues that may occur when working with the switch. Possible issues include
• Switch Does Not Boot Up
• Switch Takes a Long Time to Start Up
• Switch Does Not Obtain an IP Address through DHCP
• Switch is Stuck in a Booting Loop
• Unable to Connect to the Switch using Telnet or SSH
• Web UI is Sluggish, Does Not Refresh Properly, or Does Not Respond
• Console Port is Not Responding
• Shutting Down the Switch

1.1.1 Switch Does Not Boot Up


The switch does not boot up to a username prompt via CLI console or Telnet.
Table 1.1 provides suggestions to troubleshoot this issue.
1-2 WS5100 Series Switch Troubleshooting Guide

Table 1.1 Switch Does Not Boot Up Troubleshooting Notes

Possible Problem Suggestions to Correct


Switch has no power • Verify power cables, fuses, UPS power. The front panel LED lights up when
power is applied to the switch.
• Verify the power switch on the back of the switch is in the I (on) position.
• Have a qualified electrician check the power source to which the switch is
connected.
Chassis fans and/or CPU • Visually inspect the fans located inside the switch chassis.
fan not rotating • If one or more of the CPU fans are not running, contact the Motorola Support
center for further instructions.
All else... Contact Motorola Support.

1.1.2 Switch Takes a Long Time to Start Up


Until DHCP is enabled (and if static IP addresses are not being used), startup can be extremely slow. This is
normal.

1.1.3 Switch Does Not Obtain an IP Address through DHCP


The switch requires a routable IP address for the administrator to manage it via Telnet, SSH or a Web
browser. By default, the switch boots up with a non-routable static IP address.
Table 1.2 provides suggestions to troubleshoot this issue.
Table 1.2 Switch Does Not Obtain an IP Address through DHCP Troubleshooting Notes

Possible Issue Suggestions to Correct


DHCP is not configured, or • Verify the configuration for the switch has DHCP enabled. By default, Ethernet NIC 2
not available on same is DHCP enabled. Otherwise, refer to the CLI reference for instructions on enabling
network as the switch the Ethernet interfaces.
• Ensure the WS5100 is on the same network as the DHCP server and verify the server
is providing DHCP services.
• Connect another host configured for DHCP and verify it is getting a DHCP address
DHCP is not enabled on • Enable DHCP, use the CLI command or the GUI to enable DHCP on the Ethernet port
NIC 2 (that is, the Ethernet connected to your network.
port that is not managing • Verify DHCP packets are being sent to NIC 2 using a sniffer tool
the RF network) • If DHCP packets are seen, check to ensure that the switch is not configured for a
static IP on NIC 2.
All else.. Contact Motorola Support.

1.1.4 Switch is Stuck in a Booting Loop


The switch continuously boots and does not change context to a user name prompt.
Table 1.3 provides suggestions to troubleshoot this issue.
Overview 1-3

Table 1.3 Switch is Stuck in a Booting Loop Troubleshooting Notes

Possible Issue Suggestions to Correct


Bad flash memory module Remove the flash memory and install it in a different switch.

Switch not getting enough Verify the CPU fan is operating properly.
ventilation

All else... Contact Motorola Support.

1.1.5 Unable to Connect to the Switch using Telnet or SSH


The switch is physically connected to the network, but connecting to the switch using SSH or Telnet does not
work.
Table 1.4 provides suggestions to troubleshoot this issue.
Table 1.4 Unable to Connect to the Switch using Telnet or SSH Troubleshooting Notes

Possible Issue Suggestions to Correct


Console is not on network • Check all cabling and terminal emulation program settings to be sure they are
correctly set. See Console Port is Not Responding issue, or the WS5100 Series
Switch System Reference Guide for more details.
• From a another system on the same network. attempt to ping the switch.
Telnet is not enabled Verify Telnet or SSH are enabled using the CLI or GUI (By default, telnet is disabled.).
and/or SSH is disabled

Max sessions have been Maximum allowed sessions is 8 concurrent users connected to a switch. Verify that
reached the threshold has not been reached. .

Primary LAN is not Verify Telnet traffic is on the primary VLAN.


receiving Telnet traffic

All else... Contact Motorola Support.

1.1.6 Web UI is Sluggish, Does Not Refresh Properly, or Does Not Respond
When configuring the switch, it is easy to overlook the fact that the host computer is running the browser
while the switch is providing the data to the browser. Occasionally, while using the Web UI (GUI) the switch
does not respond or appears to be running very slow; this could be a symptom of the host computer or the
network, and not the switch itself. Table 1.5 provides suggestions to troubleshoot this issue.
Table 1.5 Web UI is Sluggish, Does Not Refresh Properly, or Does Not Respond Troubleshooting Notes

Possible Issue Suggestions to Correct


Bad connection between Verify the line between the switch and the host computer is functioning normally.
switch and console system

Slow transmission of data Verify the data packets are being sent to and from the switch using a sniffer tool.
packets

Access ports may try to Set the country name for the switch, which is set to “none” by default.
adopt while country code is
not set
1-4 WS5100 Series Switch Troubleshooting Guide

Table 1.5 Web UI is Sluggish, Does Not Refresh Properly, or Does Not Respond Troubleshooting Notes (Continued)

Possible Issue Suggestions to Correct


Packet storm Check Syslog for any type of a packet storm.

Overburdened with a large With large numbers of access ports, changing the configuration quickly may cause the
number of access ports switch to not refresh properly, at least immediately following configuration.

Java JRE is out of date Be sure you are using Sun Java JRE 1.5 or later. To download the appropriate for your
system go to: http://www.sun.com/java/

All else... Contact Motorola Support.

1.1.7 Console Port is Not Responding


The switch console port is physically connected to the host computer’s serial port, but pressing the [Enter]
key gets no response from the switch.
Table 1.6 provides suggestions to troubleshoot this issue.
Table 1.6 Console Port is Not Responding Troubleshooting Notes

Possible Issue Suggestions to Correct


Cabling issue Ensure that a NULL-modem cable is connected from the WS5100 console port to the
host computer’s serial port.

Not using a terminal Verify a serial terminal emulation program, such as HyperTerminal, is in use.
emulation program

Settings in terminal Check the serial port settings in the serial terminal emulation program being used. The
emulation program are correct settings are:
incorrectly set
Terminal Type VT-100

Port COM 1-4

Terminal Settings 19200 bps transfer rate


8 data bits
no parity
1 stop bit
no flow control
All else... Contact Motorola Support.

1.1.8 Shutting Down the Switch


The CLI commands used to shutdown the switch have changed with the release of the 3.x version WS5100
Series Switch. Please refer to the following to differentiate between the shutdown command
(1.4.x and 2.x) from the halt command (3.x).

1.1.8.1 Shutting Down the Switch Using the 1.4.x/2.x Shutdown Command
To gracefully shutdown the WS 5100, issue the shutdown command from the configure context in the CLI:
WS5000.(Cfg)> shutdown
This command will halt the system.
Overview 1-5

A manual power cycle will be required to re-start the switch.


Do you want to proceed (yes/no) : yes

System shut down might take a few mins....


Shutting down the switch...
Shutting down dhcp daemon.. done
Shutting down apache server in the OPEN mode...done.
Shutting down cell controller........ done
Shutting down snmpd agent...done.
Shutting down Postgres....done.
INIT: Sending processes the TERM signal
Shutting down PacketSwitch interface .....
Shutting down dhcp daemon.. done
Shutting down apache server in the OPEN mode...done.
Cell controller not running.
i2c-core: Device or resource busy
Shutting down Postgres....done.
Stopping periodic command scheduler: cron.
Stopping internet superserver: inetd.
Saving random seed... done.
Stopping deferred execution scheduler: atd.
Stopping kernel log daemon: klogd.
Stopping system log daemon: syslogd.
flushing ide devices: hda
System halted.
As directed, wait 10 seconds and turn off the device by toggling the power switch.

1.1.8.2 Shutting Down the Switch Using the Halt Command


To shut down the WS 5100 from the CLI, issue a halt command, as the halt command is now used to shut
down the switch with the release of the 3.x version WS5100 baseline:
WS5100#halt
Wireless switch will be halted, do you want to continue? (y/n):y
The system is going down NOW !!

% Connection is closed by administrator!


WIOS_SECURITYMGR[395]: DNSALG: Shutting down.
WIOS_SECURITYMGR[395]: FTPALG: Shutting down.
The system is halted.

NOTE: The WS5100 will power off after issuing a halt command through a software
toggle of the power supply. Be sure to flip the power switch to the Off position. If the
power cord is removed and reinstalled, or power is lost and restored, the switch will
power back on.
1-6 WS5100 Series Switch Troubleshooting Guide

1.2 Access Port Issues


This section describes various issues related to access ports within the switch network.

1.2.1 Access Ports are Not Adopted


Access ports are not being adopted. Table 1.7 provides suggestions to troubleshoot this issue.
Table 1.7 Access Ports are Not Adopted Troubleshooting Notes

Possible Issue Suggestions to Correct


Access port is not Verify the license key that is set in the switch.
configured

Country code for switch is Verify the country code is entered into the switch prior to adopting any access ports.
not set The switch is not fully functional until a country code is set.

Access ports are off- Verify the access ports are connected to the network and powered on.
network

Switch is configured as Verify the switch is not configured as a Standby system prior to adopting any access
Standby switch ports. Even if a Standby switch is not in use, the Primary switch must be in an active
state in order for it to adopt access ports.
The state is automatically determined by the failover system. From the CLI or Web UI
check the standby state to see if the switch is either Primary or Standby

Access ports are restricted Verify the switch is not configured with an access control list that does not allow
in configuration access port adoption; verify that access port adoption is not set to “deny”.
Ensure that the access port adoption policy is added with a WLAN.

Access Port is on Exclude Verify the ACL adoption list does not include the access ports that are not being
List adopted.

Miscellaneous other issues • Check the access port LEDs for “Loadme” message on start-up.
• With a packet sniffer, look for 8375 (broadcast) packets
• Reset the switch. If the switch is hung, it may begin to adopt access ports properly
once it has been reset.
All else... Contact Motorola Support.

1.3 Mobile Unit Issues


This section describes various issues that may occur when working with the Mobile Units associated with
the wireless switch or associated Access Ports. Possible issues include:
• Access Port Adopted, but MU is Not Being Associated
• MUs Cannot Associate and/or Authenticate with Access Ports
• Poor Voice Quality Issues

1.3.1 Access Port Adopted, but MU is Not Being Associated


Access port associated with an MU is not yet being adopted. The following table provides suggestions to
troubleshoot this issue.
Overview 1-7

Table 1.8 Troubleshooting When Access Port Is Not Yet Adopted

Possible Issue Suggestions to Correct


Unadopted access port Verify the switch has adopted the access port with which the MU is trying to
associate.

Incorrect ESSID applied to Verify on the MU the correct ESSID has been applied to the MU.
the MU

Ethernet port configuration Verify the Ethernet port connected to thenetwork and has a valid configuration.
issues If DHCP is used, verify that the Ethernet cable is connected to the same NIC upon
which DHCP services are enabled.

Incorrect security settings Verify the correct security settings are applied to a WLAN in which the MU is tryng to
associate.

All else... Contact Motorola Support.

1.3.2 MUs Cannot Associate and/or Authenticate with Access Ports


MUs cannot associate and/or authenticate with access ports. The following table provides suggestions to
troubleshoot this issue.

Possible Issue Suggestions to Correct


Preamble differences Verify the Preamble matches between switch and MUs. Try a different setting.

Device key issues Verify in Syslog that there is not a high rate of decryption error messages. This could
indicate that a device key is incorrect.

MU is not in Adopt List Verify the device is not in the “do not adopt ACL”.

Keyguard not set on client Verify Keyguard is set on the client if the Security/WLAN Policy calls for Keygaurd.

1.3.3 Poor Voice Quality Issues


VOIP MUs, BroadCast MultiCast and SpectraLink phones have poor voice quality issues. The following table
provides suggestions to troubleshoot this issue.

Possible Issue Suggestions to Correct


Traffic congestion with data • Maintain voice and data traffic on separate WLANs.
traffic • Use a QoS Classifier to provide dedicated bandwidth if data and voice traffic are
running on the same WLAN.
Long preamble not used on Verify that a long preamble is used with Spectralink phones.
Spectralink phones

1.4 Failover Issues


This section describes various issues related to the failover capabilitie of the switch. Possible issues include:
• Switch is Not Failing Over
1-8 WS5100 Series Switch Troubleshooting Guide

• Switch is Failing Over Too Frequently

1.4.1 Switch is Not Failing Over


Switch is not failing over (Hot Standby) as appropriate.
The following table provides suggestions to troubleshoot this issue.

Possible Issues Suggestions to Correct


Primary and Standby Verify the Primary and Secondary switches are Standby enabled and have the correct
switches are not both MAC address configured for the correct Primary/Secondary switch.
enabled

Primary and Standby Mismatch configurations are not allowed. Verify that the Primary and Secondary
switches have mismatched switches have the same software versions running.
software versions

Primary and Standby Verify the Primary and Secondary switch are configured properly and attempt to ping
switches cannot each switch (using the ping command) from each switch.
communicate with each
other

Other problems, as listed in Review the local logs on the Standby switch.
switch logs

MAC address configuration Review the Syslog. The correct MAC address should be seen when checking the
issues Syslog heartbeat messages.

Conflicting addressing on If more than one Primary switch exists on the same network, then use MAC addresses
same network to configure.

All else... Contact Motorola Support.

1.4.2 Switch is Failing Over Too Frequently


Switch failing over too frequently (flapping).
The following table provides suggestions to troubleshoot this issue.

Possible Issues Suggestions to Correct


One of the switches is Check the CPU usage using the CLI or Web UI Diagnostics information.
crashing

All else... Contact Motorola Support.

1.5 Installation Issues


Before upgrading or downgrading any system, save a copy of the system configuration to an FTP or TFTP
server.
Overview 1-9

1.5.1 After Upgrade, Version Number Has Not Changed


After upgrading the version number has not changed. The following table provides suggestions to
troubleshoot this issue.

Possible Issues Suggestions to Correct


Improper upgrade process • Refer to the release notes and repeat the upgrade process exactly as stated in the
release notes.
• Verify the Syslog folder contents from the CLI Service Mode context. Repeat the
upgrade process if necessary.
All else... Contact Motorola Support.

1.6 Miscellaneous Issues


This section describes various miscellaneous issues related to the switch, and don’t fall into any of the
previously called out issue categories. Possible issues include:
• Excessive Fragmented Data or Excessive Broadcast
• Excessive Memory Leak

1.6.1 Excessive Fragmented Data or Excessive Broadcast


Excessive fragmented data or excessive broadcast.
The following table provides suggestions to troubleshoot this issue.

Possible Issues Suggestions to Correct


Fragmentation • Change the MTU size to avoid fragmentation on other ethernet devices.
• Do not allow VoIP traffic when operating on a flat network (no routers or smart
switches).
• Move to a trunked Ethernet port.
• Move to a different configuration.
All else... Contact Motorola Support.

1.6.2 Excessive Memory Leak


Excessive memory leak. The following table provides suggestions to troubleshoot this issue.

Possible Issues Suggestions to Correct


Memory leak Using the CLI or Web UI’s Diagnostics section to check the available virtual memory.
If any one process displays an excessive amount of memory usage, that process could
be one of the possible causes of the problem.

Too many concurrent Telnet Keep the maximum number of Telnet or SSH sessions low (6 or less), even though up
or SSH sessions to 8 sessions are allowed.

All else... Contact Motorola Support.


1-10 WS5100 Series Switch Troubleshooting Guide

1.7 System Logging Mechanism


The switch provides subsystem logging to a Syslog server. There are two Syslog systems, local and remote.
Local Syslog records system information locally, on the switch. The remote Syslog sends messages to a
remote host. All Syslog messages conform to the RFC 3164 message format.
Syslog Messages &
MU Disassociation Codes

2.1 Syslog Messages


The following table provides information and descriptions of Syslog Messages.

Number Mnemonic Severity Syslog Message Meaning / Cause


1. AUTOUPCONFIG 4 Loaded new startup config If checksum compares for new and
running configurations are different –
new config overwrites the running
one. This may happen during auto-
install.

2. AUTONOUPCONFIG 4 Available config is same as New and running configurations are


last loaded - will not be the same. This may happen during
reloaded auto-install.

3. AUTOUPCLCONFIG 4 Loaded new cluster config If checksum for new and running
config are different – new config
overwrites the running one. This may
happen during
auto-install.

4. AUTOINSTCLCFGNOCOPY 3 Could not overwrite the Copy temp to cluster-config failed.


cluster config file [str] Overwriting running-config with
cluster-config, wrong url path for files
display this error.

5. AUTOUPNOCLCONFIG 5 Available cluster config is Config is the same.


same as last loaded - will
not be reloaded

6. AUTOINSTCLCFGNOREAD 3 Could not read the cluster Cluster config copy to temp failed.
config file [str]

7. AUTONOIMAGEUPODATE 5 Requested image matches New and installed image versions


running image - will not be match.
loaded

8. AUTOIMAGEUPODATE 5 Attempting to load Local image version does not match


requested image required image version.
2-2 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


9. AUTOINSTNODHCP 5 DHCP did not provide any DHCP information got update but file
configuration information - cannot be opened.
no autoinstall action taken

10. AUTOINSTTIMEDREBOOT 7 Autoinstall delayed reboot - Auto-install rebooting the system.


shutting down system now

11. AUTOCLCONFDISAB 5 Autoinstall of cluster No autoinstall options were enabled.


configuration is disabled

12. AUTOINSTNODHCP 5 Autoinstall of startup No autoinstall options were enabled.


configuration is disabled

13. AUTOINSTSIGWCCP 7 Changed cluster config - Cluster config changed. Need to


signalling WCCP daemon inform WCCP – Wireless Cluster
pid [int] Control protocol, which handles all
cluster services.

14. AUTOINSTSIGWCCPUNKO 7 Tried to signal wccpd using Failed to open wccpd UID file, trying
NWN pidof because pid was not plan B. By plan B we mean that we
read using alternative method to find and
kill the process.

15. AUTOINSNOCLCFGCHAN 7 Autoinstall did not change No cluster config changes


GE cluster config - not
signalling wccpd

16. AUTOIMAGEDISAB 5 Autoinstall of image Image upgrade is not set – upgrade


upgrade is disabled will not run

17. AUTOINSTSTART 6 Autoinstall triggered DHCP triggered auto-install to start

18. AUTOINSTSCHEDULED 7 Autoinstall starting DHCP should have written the config
to the file, if we can read the config
and assemble the URLs then – start
auto-install.

19. AUTOINSTTOOLATE 6 Too late for DHCP triggered If uptime is over 10 minutes – auto-
autoinstall install will not run.

20. TKIPCNTRMEASEND 4 TKIP countermeasures End of the countermeasures timer.


ended on WLAN [uint]

21. TKIPCNTRMEASSTART 4 TKIP countermeasures Two MIC failure within pre-defined


started on WLAN [uint] period of time – countermeasures are
starting – WLAN will be disabled.

22. DOT11ISUCCESS 6 Station [mac] completed If this is a hotspot or a mac-


dot11i (tkip/ccmp) authentication MU, then there is
handshake on WLAN [uint] authentication work needed, else we
are done. Mark the MU as
successfully completed 802.11i
authentication.

23. DOT11IFAILURE 6 Station [mac] failed dot11i Failure could occur due to 4-way
(tkip/ccmp) handshake on handshake timeout; or unknown state
WLAN [uint] of authentication (HOW?); or too
many retries; or IE element is
different than during association; or
key routine returned error.
Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


24. TKIPMICFAILRPT 4 Station [mac] reported a MU reported MIC failure.
TKIP message integrity
check fail on WLAN [uint]

25. DOT11IKEYROTN 6 Rotating dot11i (tkip/ccmp) Broadcast key rotation starting on


keys on WLAN [uint] WLAN.

26. STATIONUNASSOC 6 Station [mac] un-associated MU is disassociated due to AP being


from radio [uint] gone for some reason; or received de-
authentication request from MU; or
switch sends de-authentication
message because of inactivity or non-
valid authentication or WPA failure or
MIC failure or AP is not found or there
is no valid Radius server or IDS
violation ; or received disassociation
request from MU.

27. TKIPMICCHECKFAIL 4 TKIP message integrity Switch reports MIC failure for MU
check failed in frame on
WLAN [uint]

28. COUNTRYCODE 5 config: setting country code New country code is set. All APs will
to [str] be reset.

29. RADIOUNADOPTED 5 [str] radio on AP [mac] un- Due to country code change or
adopted heartbeats timed-out or switch
issued reset command.

30. MAXAPCAPACITY 4 Max APs capacity reached: Cluster max AP capacity reached.
[int]

31. DISKFULL 4 "Flash Disk Full, file cannot File creation failed due to no memory.
be created

32. DFSNOVALIDHANNEL 6 "Radio [uint] unable to get a DFS is unable to find a valid channel.
valid channel, configuration
deferred

33. DFSMOVECHANNEL 6 Radio [uint] move to channel DFS is changing the radio channel.
[uint] - [uint] MHz

34. RADIORADARDETECT 4 802.11a radio on AP [mac] Radar detection notice. Channel will
found radar on channel be changed if possible.
[uint]

35. RADIODFSEND 6 Radio [uint] has completed a Radar scan complete.


DFS scan on channel [uint]

36. RADIODFSSTART 6 Radio [uint] starting a DFS Starting DFS scan.


scan on channel [uint] -
[uint] MHz

37. STATIONDENIEDAUTH 4 Station [mac] denied Radius authentication timed-out, MU


authentication : timed-out or authentication is not
unsupported authentication supported.
method
2-4 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


38. WEBAUTHSUCCESS 6 Station [mac] web Hotspot/Web authentication
authentication success on success.
WLAN [uint]

39. WEBAUTHDISC 6 Station [mac] has Hotspot MU disconnected


disconnected WLAN [uint]

40. WEBAUTHFAILED 6 Station [mac] failed web Hotspot/Web MU authentication


authentication on WLAN failure due to wrong password.
[uint]

41. EXCESSAUTHSASSOCS "4 "MU [mac] tx [uint] in IDS Excessive number of


EXCESSPROBES detect-window, filtering for disassociations or authentication
EXCESSDISASSOCS [int] seconds failures, or excessive probes, or
excessive disassociations or
EXCESSAUTHFAILS
excessive replay or decrypt failures -
EXCESS80211REPLAY MU will be disassociated.
EXCESSCRYPTOREPLAY
EXCESSDECRYPTFAILS

42. IDSNULLADDR "4 MU [mac]. Filtering for [int] IDS failure - MU will be
IDSSAMEADDR seconds disassociated.
IDSMCASTSRC
IDSWEAKWEPIV
IDSCNTRMEAS

43. IDSEVENTRADIO 4 IDS event [str] detected at Events are:


Radio [uint] • probe-requests
• association-requests
• disassociations
• authentication-fails
• crypto-replay-fails
• 80211-replay-fails
• decryption-fails
• unassoc-frames
• eap-starts
• null-destination
• same-source-destination
• multicast-source
• weak-wep-iv
• tkip-countermeasures
• invalid-frame-length

44. IDSEVENTSWITCH 4 IDS event [str] detected on Events are same as above. Violations
switch thresholds are user configurable on
IDS.

45. WLANKERBCFGCHG 6 WLAN [uint] de- Set the WLAN as not authenticated.
authenticated,
configuration changed
Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


46. WLANKERBTKTEXP 6 WLAN [uint] de- Ticket couldn’t be renewed due to
authenticated, ticket could WLAN not being authenticated.
not be renewed

47. WLANKERBAUTH 6 WLAN [uint] authenticated WLAN successfully authenticated


with KDC [str], ticket valid with KDC.
for [uint] hr [uint] min [uint]
sec

48. STATIONKERBAUTH 6 "Station [mac] MU successfully authenticated with


authenticated, ticket valid KDC.
for [uint] hr [uint] min [uint]
sec

49. STATIONKERBTKTEXP 6 "Station [mac] de- KDC ticket expired.


authenticated, session
ticket expired

50. STATIONKERBIDCHG 6 "Station [mac] de- Different user failed to provide


authenticated, station adequate authentication credentials.
identity changed

51. STATIONTOTALLIMIT 4 Station [mac] denied MAX MU limit of 4096 has been
authentication : max reached.
supported stations limit
reached

52. STATIONAUTHSEQINVAL 4 Station [mac] denied Incorrect sequence number in


authentication : invalid auth authentication request.
sequence number

53. STATIONCAPERR 4 Station [mac] denied Bad ESS, IBSS or WEP settings
association to radio [uint] : provided.
802.11 capability field
unsupported

54. STATIONSHORTPREAM 4 Station [mac] denied No short preamble support on this


association to radio [uint] : MU.
Station does not support
short preamble

55. STATIONSPECMISSING 4 Station [mac] denied Missing spectrum management


association to radio [uint] : capability element.
Station missing spectrum
management capability

56. STATIONLENGTHERR 4 "Station [mac] denied Element length in assocication


association to radio [uint] : request exceeds packet size.
Malformed request,
element length exceeds
packet size

57. STATIONSSIDERR 4 Station [mac] denied ESSID length is invalid or ESSID not
association to radio [uint] : supported on radio.
[str]
2-6 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


58. STATIONNOTINACL 4 Station [mac] denied MU denied association due to ACL
association due to ACL/ violation.
MAC-Auth-Local to radio
[uint]

59. STATIONRADIOLIMIT 4 Station [mac] denied Max MU limit per radio is reached.
association to radio [uint] :
maximum Stations per radio
[uint] reached

60. STATIONWLANERR 4 Station [mac] denied WLAN is not specified by MU.


association to radio [uint] :
WLAN not specified by
station

61. STATIONTXRATES 4 Station [mac] denied Bad TX rates for MU.


association to radio [uint] :
TX rates specified by MU
are not supported

62. STATION11IMISSING 4 Station [mac] denied WPA/WPA2 element absent in


association to radio [uint] : association request from MU.
Security (Keyguard/WPA/
WPA2) info element in
association request was
missing/invalid

63. STATIONASSOC 6 Station [mac] associated to MU successfully associated to radio.


radio [uint] WLAN [uint]

64. RADIUSVLANUPDATE 6 Assigning Radius Server Raduis assigned new VLAN to MU.
specified VLAN [uint] to
station [mac] on WLAN
[uint]

65. RADIUSPOLICYFAIL 4 Unable to apply Radius Radius Server received ACCESS-


server specified parameters ACCEPT, but unable to apply the
to Station [mac] on WLAN attributes specified.
[uint]

66. EAPAUTHSUCCESS 6 Station [mac] eap (802.1x) Successful 802.1x authentication.


authentication success on
WLAN [uint]

67. MACAUTHSUCCESS 6 Station [mac] MAC Successful MAC authentication.


authentication success on
WLAN [uint]

68. EAPAUTHFAILED 6 Station [mac] failed eap Received access-reject from Radius
(802.1x) authentication on Server.
WLAN [uint]

69. MACAUTHFAILED 6 Station [mac] failed Radius MAC authentication failure


MAC authentication on
WLAN [uint]

70. RADIUSDISCREQ 6 Received Radius Disconnect Received Radius server disconnect


Request from [ip] request. What are the reasons for this
request?
Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


71. RADIUSRXCOAREQ 6 Received Radius Change- Got Change of Authorization from
Of-Authorization Request Radius Server
from [ip]

72. RADIUSDISCACK 6 Sending Radius Disconnect All went well, user was removed -
ACK to [ip] msg sent to server"

73. RADIUSDISCNACK 6 Sending Radius Disconnect Didn't like the request - couldn't find
NACK to [ip] the MU - msg sent to server.

74. RADIUSTXCOAACK 6 Sending Radius Change-Of- Request for Change of Authorization


Authorization ACK to [ip] succeeded - msg sent to server

75. RADIUSTXCOANACK 6 Sending Radius Change-Of- Didn't like the request - couldn't find
Authorization NACK to [ip] the MU - msg sent to server.

76. RADIOACSSTART 6 Radio [uint] starting auto ACS is started. Called by WISP if the
channel selection scan on radio configuration if it's set for
ACS

77. RADIOACSEND 6 Radio [uint] has completed ACS is done. New channel is
an auto channel selection selected.
scan. Channel selected:
[uint]

78. RADIOADOPTED 5 [str] radio on AP [mac] Radio adoption message.


adopted

79. UNAPPROVEDAPDETECT 4 AP [uint] detected Rogue AP detected


Unapproved AP : [mac]

80. UNAPPROVEDAPREMOVE 4 Removing Unapproved AP Rogue AP is being removed from


[mac] : Last detected rogue AP table because:
detected by AP [uint] with • Rogue AP detection has been
signal strength [int] dBm disabled.
• AP is not a rogue anymore
• Entry aged out.

81. SHEALRADIODOWN 4 Radio [uint] was detected Radio has been detected as being
down. down by its neighbors.

82. SHEALACTIONTAKEN 5 Radio [uint] took self healing Self healing has been activated.
action to cover for down
neighbor

83. SHEALACTIONTAKEN 5 Radio [uint] has returned to Radio resumed active work mode
normal operation

84. SHEALACSRERUN 5 Auto Channel Select was re- Happens if we exceeded the
run for radio [uint] due to configured avg number or retries
retry threshold being
crossed

85. STATSSTATION 4 Threshold reached, [str] is One of the threshold values set for
[str] [str] for MU# [mac] the MU has been exceeded. Each
threshold value has its own unique
thrshold setting defined by the user.
2-8 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


86. STATSRADIO 4 Threshold reached, [str] is One of the threshold values set for
[str] [str] for radio# [str] the radio has been exceeded. Each
threshold value has its own unique
thrshold setting defined by the user.

87. STATSMODULE 4 Threshold reached, [str] is One of the threshold values set for
[str] [str] the switch has been exceeded. Each
threshold value has its own unique
thrshold setting defined by the user.

88. STATSWLAN 4 Threshold reached, [str] is One of the threshold values set for
[str] [str] for WLAN# [str] the WLAN has been exceeded. Each
WLAN threshold value has its own
unique thrshold setting defined by the
user.

89. DELETETRUSTPOINT 6 Trustpoint [str] is deleted Certificate trustpoint is deleted due


to user request or certificate expired.

90. DELETERSAKEY 6 Rsakey [str] is deleted Keypair is being deleted.

91. CERTSELFSIGNEDGEN 6 Selfsigned certificate Self-signed certificate has been


generated for the trustpoint generated successfully.
[str]

92. CERTREQUESTGEN 6 Certificate request Certificate request has been


generated for the trustpoint generated.
[str]

93. RSAKEYGEN 6 Rsa key [str] generated Keypair generated successfully. The
switch can maintain different key
pairs for each certificate generated.
These keys can be manually or
automatically generated.

94. CERTEXPIRED 5 Server/Ca Certificate of Certificate expiration notice


trustpoint [str] is expired

95. INVALIDCERTKEY 5 Private key imported for Each trustpoint is associated with a
trustpoint [str] is not valid certificate and RSA key. If RSA key
specified is not a valid RSA key type
(PEM or DER) this message displays.

96. INVALIDSERVCERT 5 Server Certificate imported If Server Certificate imported/


for the trustpoint [str] is specified for Trustpoint is not of PEM/
invalid DER formatted.

97. INVALIDCACERT 5 CA Certificate imported for If CA Certificate imported/specified


the trustpoint [str] is invalid for Trustpoint is not of PEM/DER
formatted.

98. INVALIDCERTCRL 5 Certificate Crl Imported for CRL is Certificate Revocation List,
trustpoint [str] is invalid issued for revoked Certificate from a
root CA authority. Wrong format of
imported CRL displays this message.

99. CERTIMPORTED 6 Server/Ca/CRL Certificate A certificate has been imported.


imported for the trustpoint
[str]
Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


100. CERTKEYIMPORTED 6 Private key imported for the Key is successfully imported for
trustpoint [str] specified trust point.

101. INVALIDRSAKEY 5 Rsakey imported with the RSA Key imported is not of valid
name [str] is invalid PEM/DER format.

102. KEYDECRYPTFAILE 4 Rsakey cannot be decrypted If private key is generated using a


with the password provided pass phrase, while importing it we
need to specify it. The wrong
password can display this error.

103. ERROR 5 CERTMGR_NO_ A trustpoint cound not be generated


TRUSTPOINT: using the requested name. Ensure the
No tustpoint is configured name meets required naming
with the specified name. conventions for the trustpoint.

104. ERROR 5 CERTMGR_FILE_OP_ This internal error is triggered when


ERROR: any error occurs during write/read to
Performing file operation. certifcate file.

105. ERROR 5 CERTMGR_DIR_OP_ This error is triggered when any eror


ERROR: occurs during directory operations.
Performing directory
operation.

106. ERROR 5 CERTMGR_MEM_ALLOC_ This eror is triggered when the switch


ERROR: runs out of memory and memory
Memory allocation error. allocation fails.

107. ERROR 5 CERTMGR_INVALID_PKEY This eror is triggered when the


_FORMAT: private key imported is not in either
Invalid private key format. PEM or DER formats.
PEM and DER formatted
keys are supported.
Please check the format and
try again.

108. ERROR 5 CERTMGR_INVALID_CERT This eror is triggered when the


_FORMAT: certificate imported is not in either
Invalid certificate format. PEM or DER formats.
PEM and DER formatted
certificates are supported.
Please check the format and
try again.

109. ERROR 5 CERTMGR_INVALID_TIME: This eror is triggered when a


Certificate imported is certificate imported is either not yet
either not yet valid or is valid or is expired with respect to
expired with respect to switch time.
switch time.
Please check the switch
time and try again.
2-10 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


110. ERROR 5 CERTMGR_INVALID_ This eror is triggered when a server
SERVER_CERT: certificate imported does not match
Server certificate does not corresponding private key.
match corresponding
private key.
Please import the valid
certificate and try again.

111. ERROR 5 CERTMGR_NO_PARAMS: This error is triggered when subject


Mandatory parameters are name is not set for a trustpoint before
not set for the trustpoint. generatoing a self-signed certificate
Please set the subject-name or certificate request.
in the trustpoint context and
try again.

112. ERROR 5 CERTMGR_SELF_CERT_ An error took place during the


ERROR: generation process.
Failed to generate
selfsigned certificate.

113. ERROR 5 CERTMGR_CERT_REQ_ An error took place during the


ERROR: certificate
Failed to generate request.
certificate request.

114. ERROR 5 CERTMGR_TRUSTPOINT_ This error is triggered when the user


ENROLLED: attempts to generate a self-signed
Specified trustpoint is certificate or certificate request to a
already enrolled. trust point to which a self signed
certificate or certificate request
exists.

115. ERROR 5 CERTMGR_NO_KEYPAIR: This erorr is triggered when the user


No keypair exists with the attempts to delete a keypair that does
specified name. not exists.

116. ERROR 5 CERTMGR_KEY_PAIR_ This error is triggered when the RSA


ERROR: key generation fails.
Failed to generate RSA key.

117. ERROR 5 CERTMGR_KEY_ENC_ This error is triggered when the key


ERROR: fails to get encrypted during the key
Failed to encrypt the key. export.

118. ERROR 5 CERTMGR_KEY_DEC_ This error is triggered when the key


ERROR: fails to get decrypted during the key
Failed to decrypt the key. import.

119. ERROR 5 CERTMGR_MAX_ This error is triggered when the user


TRUSTPOINTS: tries to configure a trustpoint when
Maximum number of there are already maximum numbers
trustpoints already of truspoints configured.
configured.
Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


120. ERROR 5 CERTMGR_MAX_ This error is triggered when the user
KEYPAIRS: tries to configure a keypair when
Maximum number of there are already maximum numbers
keypairs already configured. of keypair configured.

121. ERROR 5 CERTMGR_LIST_ADD_ This error is triggered when adding a


ERROR: trustpoint/ key to a link list.
Failed to add the trustpoint/
key.

122. ERROR 5 CERTMGR_KEYPAIR_TRUS This error is triggered when a


TPOINT_EXISTS: specified keypair has been
Specified keypair has been associated to one/more trustpoints.
associated to one/more
trustpoints.
Please delete the
associated trustpoint and
then delete the key.

123. ERROR 5 CERTMGR_KEYPAIR_ This error is triggered when a key


EXISTS: with the specified name already
Key with the specified name exists.
already exists.

124. ERROR 5 CERTMGR_TRUSTPOINT_ This error is triggered when a


EXISTS: trustpoint with the specified name
Trustpoint with the already exists.
specified name already
exists.

125. ERROR 5 CERTMGR_CA_EXISTS: This error is triggered when the user


CA certificate already exists attempts to import a CA certificate for
for the specified trustpoint. a trustpoint to which CA certifcate
already exists.

126. ERROR 5 CERTMGR_SERVER_ This error is triggered when the user


EXISTS: attempts to import a Server
Server certificate already Certificate for a trustpoint to which
exists for the specified Server Certificate already exists.
trustpoint.

127. ERROR 5 CERTMGR_SAVE_ This error is thorwn when the


ERROR: certificate fails to get stored to
Failed to save the certificate storage.
certificate.

128. ERROR 5 CERTMGR_ENROLL_ This error is triggered when user tries


ERROR: to import a certificate for which a
Trustpoint specified is not request is not generated.
enrolled.

129. ERROR 5 CERTMGR_NO_CA: This error is triggered when user


CA certificate does not attempts to delete a CA certificate for
exists for the specified a trust point for which CA cettifictae
trustpoint. does not exist.
2-12 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


130. ERROR 5 CERTMGR_NO_SERVER: This error is triggered when user
Server certificate does not attempts to delete a Server
exists for the specified certificate for a trust point for which
trustpoint. Server cettifictae does not exist.

131. ERROR 5 CERTMGR_INVALID_PRIV_ This error is triggered when the user


KEY: imports invalid private key.
Private key imported is not
valid.

132. ERROR 5 CERTMGR_DEFAULT_ This error is triggered when the user


TRUSTPOINT_ERROR: attempts to delete the default
Default trustpoint can not trustpoint. The default trustpoint
be deleted. cannot be deleted.

133. ERROR 5 CERTMGR_DEFAULT_ This error is triggered when the user


RSAKEY_ERROR: attempts to delete the default
Default keypair can not be keypair. The default keypair cannot be
deleted. deleted.

134. ERROR 5 CERTMGR_INVALID_CERT This error is triggered when the user


_CRL: attempts to import invalid CRL.
CRL imported is not valid.

135. ERROR 5 CERTMGR_CA_CRL_ This error is triggered when the user


EXISTS: attempts to delete the CRL for a
CRL exists for the trustpoint. trustpoint for which the CA cetificate
Please delete the CRL exists.
before deleting the CA
Certificate.

136. ERROR 5 CERTMGR_NO_CA_CRL: This error is triggered when the user


CRL does not exist for the attempts to delete the CRL for a
specified trustpoint. trustpoint for which the CRL cetificate
exists.

137. ERROR 5 CERTMGR_CERT_INFO_ This error is triggered when the


ERROR: system fails to generate the
Failed to show certificate certificate information when the user
details. attempts to see the information in the
trustpoint certificate.

138. ERROR 5 CERTMGR_CERT_MAX_ THis eror is triggered when the user


SIZE: imports certificate or key of size more
File size exceeded maximum than 10240 bytes.
size( 10240 bytes ).

139. ERROR 5 CERTMGR_NO_KEY_ This error is triggered when the user


PASSWORD: imports encrypted key file without
Imported key file is entering the password.
encrypted.
Please provide the pass
phrase and try again.
Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


140. ERROR 5 CERTMGR_DEFAULT_ This error is triggered when the user
SERVCERT_DEL_ERROR: attempts to delete the server
Server certificate of default certificate of the default trustpoint.
trustpoint can not be Server certificate of default trustpoint
deleted. cannot be deleted.

141. ERROR 5 CERTMGR_SENDTO_ This error is triggered when the event


ERROR: bus notification of the certificate
Failed to notify rtificate/key manager events fails.
events.

153. NO INFORMATION: NEED 5 Include range is not Generated when trying to remove a
MNEMONIC FROM configured for pool [str] DHCP IP range not configured for the
ENGINEERING specified pool.

154. PANIC 5 Last reboot was caused by a The panic message is used to indicate
panic a switch restart due to a kernel crash.
Panic files are created when the
switch comes up in flash/crashinfo.
These files are visible in GUI under
Diagnostics > Panic Snapshots and
through the CLI using command
service show crash-info.

155. TRUSTPOINTDELETED 4 Trustpoint [str] associated HTTPS is configured to work with a


with https is deleted so trustpoint other than the default
https is restarted with trustpoint, and that trustpoint is
default trustpoint deleted. Specify a different
trustpoint.

156. KEYDELETED 4 Rsakey [str] associated with SSHD can be configured to use the
ssh is deleted so ssh is RSA key generated by user. If this key
restarted with default rsa is deleted, SSHD goes back to the
key default key displaying this message.
2-14 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


157. NEWLEDSTATE 6 LED state message ID [uint] Event IDs are:
from module [str] WIOS_LED_POWER_OFF = 0
WIOS_LED_POWER_ON_SELF_TES
T =1
WIOS_LED_POST_FAILED = 2
WIOS_LED_POST_SUCCEEDED = 3
/* PM Responsibe to set the
following */
WIOS_LED_SOFTWARE_FAILED = 4
WIOS_LED_SOFTWARE_SUCCEEDE
D=5
/* CC responsible to set the
following */
WIOS_LED_NO_COUNTRY_CODE_S
ET = 6
WIOS_LED_COUNTRY_CODE_SET =
7
WIOS_LED_PORT_NOT_ADOPTED =
8
WIOS_LED_PORT_ADOPTED = 9
/* Cluster responsible to set the
following */
WIOS_LED_ACTIVE_ADOPTING = 10
WIOS_LED_NO_LICENSE_TO_ADOP
T = 11
WIOS_LED_ACTIVE_FAILEDOVER =
12
WIOS_LED_ACTIVE_NOTFAILEDOVE
R = 13
/* When the following event occurs,
LED lib should set the LED state to
* WIOS_LED_POST_SUCCEEDED
provided no other prioritized events
* in the queue */
WIOS_LED_CLUSTER_DISABLED =
14
Module names are WCCP or CC or
LICENSEMGR. Those modules will
set LED state.

158. FANUNDERSPEED 4 Fan [str] under speed: [uint] Diagnostic message: Fan speed is
RPM is under limit [uint] too slow.
RPM

159. UNDERVOLTAGE 4 Voltage [dec2]V under low Diagnostic message: Voltage reading
limit [dec2]V is under low limit.

160. OVERVOLTAGE 4 Voltage [dec2]V over high Diagnostic message: Voltage reading
limit [dec2]V is over high limit.

161. LOWTEMP 6 Temp sensor [str] [dec2]C Diagnostic message: Temperature


under low limit [dec2]C reading is under low limit.
Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


162. HIGHTEMP 4 Temp sensor [str] [dec2]C Diagnostic message: Temperature
over high limit [dec2]C reading is over high limit.

163. OVERTEMP 0 Temp sensor [str] [dec2]C Diagnostic message: Temperature


over maximum limit [dec2]C. reading is over high limit – switch is
Shutdown switch! shutting down. Ensure problem is
diagnosed before powering back up
the switch.

164. CPULOAD 4 "One/Five/Fifteen minute When checking processor load every


average load limit 1, 5 and 15 minute, alarms are over
exceeded, value is [dec2]% limit conditions. Error exists when
limit is [dec2]% (top process average CPU load at 1, 5 and 15
[str] [dec2]%) minute intervals are more than
maximum limit (99.9 % , 98 % and
95% respectively).

165. BUFUSAGE 6 "[uint] byte buffer usage Kernel buffer usage more than
gter than expected, [uint] predefined maximums. Maximum
used, warning level limits for kernel buffer can be seen by
[uint]real “service show diag limit” command
and current status can be seen by the
“service show diag stats” command.

166. HEADCACHEUSAGE 6 "socket buffer head cache The packet buffer head cache usage
usage is greater than is more than the maximum limit of
expected, usage [uint], 11000 bytes. Reduce cache to rectify.
warning level [uint]

167. IPDESTUSAGE 6 "IP destination cache usage The number if IP destinations the
is greater than expected, switch sees. This is informative does
usage [uint], warning level not constitute any alert condition
[uint]

168. FREERAM 6 "Free RAM, [dec2]% is less This may happen if there is a memory
than limit [dec2]% leak in any of the applicationsrunning
on switch. Memory consumption can
be seen by the “service show diag
top” command. Killing the process
will free the memory required to run
at preferred limits and stop the
message.

169. RAMUSAGE 6 "[str], pid [uint], has Displays if a particular process


exceeded ram usage limit increases beyond maximum memory
[uint].[uint]%, now using allocations per process (i.e. 50% of
[uint].[uint]% the total RAM memory). Could be
from a memory leak or a process
hang. Restarting the process will
resolve the issue.

170. FDCOUNT 4 FD Usage [uint] is over limit Displays when running out of space
[uint] on the flash disk. Results when file
descriptors exceed the maximum
limit of 2500.

171. NEWLICENSE 6 Licensed AP count changed Displays when the user enters a new
to [uint] license.
2-16 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


172. OPERUP 6 Mobility is Operationally UP An informational message displaying
when Layer 3 Mobility is Enabled.

173. OPERDOWN 6 Mobility is Operationally An informational message displaying


DOWN when Layer 3 mobility is disabled.

174. MUADD 6 Station [mac]: Added to An informational message displaying


Mobility Database when a new MU is added to the
mobility database.

175. MUDEL 6 Station [mac]: Deleted from Occurs when a MU is deleted from
Mobility Database the mobility database. Can occur
when a MU is disconnected.

176. MUJOIN 6 Station [mac]: JOIN A join request from a peer is received.
received from peer [ip]

177. MUL3ROAM 6 Station [mac]: L3-ROAM Is originated by a new CS (current


received from peer [ip] switch on a different L3 network)
when a MU roams to it. The home
switch does not change for the MU.
The MU roams to same the SSID on
different switch.

178. MUREHOME 6 Station [mac]: REHOME Originated by a new CS (current


received from peer [ip] switch on the same L3 network) when
a MU roams to it. The peer switch is
new home wwitch for the MU.

179. MULEAVE 6 Station [mac]: LEAVE The current switch originates a


received from peer [ip] message and sends it to the home
switch after confirming a MU has left
its mobility domain.

180. MUCONFLICT 4 Station [mac]: Conflict in MU mobility database conflict. The


Database state MU will be de-authenticated and re-
associated to refresh the database of
all peers.

181. PEERUP 4 Peer [ip] is UP The mobility peer is up. The mobility
peer is the switch specified in the L3
mobility service list.

182. PEERDOWN 5 Peer [ip] is DOWN The mobility peer is down. Possible
causes could include:
• Connection broken with peer
• Mobility disabled on peer
• Connection close received
from peer
• Error message received from
peer.

183. PROCNORESP 4 "Process ""[str]"" is not Process monitor is not getting


responding heartbeat from process. The switch
restarts the process after the timeout
interval.
Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


184. PROCID 5 "Process ""[str]"" changed The process has changed its PID.
its PID from [int] to [int] Informational only.

185. PROCSTART 6 "Starting process ""[str] The process is started. Informational


only.

186. PROCRSTRT 3 "Process ""[str]"" is not Unresponsive process detected.


responding. Restarting Process will be restarted and a core
process dump will be saved to the switch.

187. PROCMAXRSTRT 1 "Process ""[str]"" reached its Too many restarts of the same
maximum number of process. The maximum number of
allowed restarts process restarts has been reached
but the system-restart is disabled or
reached maximum the number of
system restarts Default number of
process restarts is 4.

188. PROCSYSRSTRT 0 "Process ""[str]"" reached its The maximum number of process
maximum number of restarts has been reached. The
allowed restarts. Rebooting switch is going to reboot.
the system !

189. PROCSTOP 5 "Process ""[str]"" has been The switch is killing the process from
stopped the start-shell using a kill command.

190. STARTUPCOMPLETE 5 System startup complete The switch was started.

191. ADOPTEXCEED 4 "Total APs adoption The adoption level on am AP has


exceeded redundancy group exceeded the cluster adoption
authorization level in group license. Some APs will have to be
[uint], adoption count: [uint], removed. Should not happen unless
group authorization level: there are unlicensed APs on the
[uint] network.

192. PEERACTIVEUP 5 "Heartbeats getting The primary peer is observable.


exchanged with peer [ip],
group ID [uint] in active
mode

193. PEERSTAUP 5 "Heartbeats getting The standby peer is observable.


exchanged with peer [ip],
group ID [uint] in standby
mode

194. PEERACTIVEDOWN 4 "Peer [ip], with group ID Error in the update message from the
[uint] in active mode is down peer. The connection will come down.
Re-establish the connection.

195. PEERSTADOWN 4 "Peer [ip], with group ID Error in the update message from the
[uint] in standby mode is peer. The connection will come down.
down Re-establish the connection.

196. PEERACTIVEINVLCONF 1 "Peer [ip], with group ID The redundancy configuration has to
[uint] in active mode has be identical across the entire cluster.
detected with invalid Consequently, a misconfiguration has
configuration been detected.
2-18 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


197. PEERSTAINVLCONF 1 "Peer [ip], with group ID The redundancy configuration has to
[uint] in standby mode has be identical across the entire cluster.
detected with invalid Consequently, a misconfiguration has
configuration been detected.

198. PEERACTIVEOPER 5 "Peer [ip], with group ID The primary peer is fully operational.
[uint] in active mode is fully
operational

199. PEERSTAOPER 5 "Peer [ip], with group ID The standby peer is fully operational.
[uint] in standby mode is
fully operational

200. STATEDISABLED 6 The wireless module has Redundancy needs to be disabled by


changed its redundancy users to be consistent with switch
state to disabled redundancy state.

201. STATESTARTUP 6 The wireless module has Redundancy needs to be enabled by


changed its redundancy users to be consistent with switch
state to startup redundancy state.

202. STATEDISCOVERY 6 The wireless module has Discovery process has started for the
started discovering other cluster group.
members in the redundancy
group

203. STATEONLINE 6 The wireless module has Discovery is conmpleted and a


started adopting radio ports connection to peer is established.
actively

204. REDUNDANCYDISABLED 5 Redundancy protocol Redundancy is disabled


disabled

205. REDUNDANCYENABLED 5 Redundancy protocol Redundancy is enabled.


enabled

206. AUTHORIZATIONCHNGD 1 Redundancy group The License level changed. Required


authorization level changed support levels have either been
to [uint] increased or decreased.

207. BADCMD 4 "Command Execution Invalid command used in the startup


Failed, Invalid Command: config. If needed, troubleshoot
<[str]> startup config.

208. AMBIGUOUSCMD 4 "Command Execution Ambiguous command in startup


Failed, Ambiguous config. If needed, troubleshoot
Command: <[str]> startup config.

209. INCOMPLETECMD 4 "Command Execution Incomplete command in startup


Failed, Incomplete config. If needed, troubleshoot
Command: <[str]> startup config.

210. USERAUTHSUCCESS 5 User '[str]' logged in with The user has successfully logged in.
role of '[str]' from auth
source '[str]

211. USERUPDATE 6 User '[str]' updated with use A new or existing user now has a new
roles of '[str]' and allowed set or user access permissions.
access from '[str]
Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


212. USERDELETE 5 User '[str]' deleted An existing user has been deleted
and removed from the list available
for switch resources.

213. AUTHNOTIFY 5 Radius server secret not User access denied. Now trying next
configured or server not auth method since the Radius server
reachable. Hence trying is not reachable or properly
next auth method configured.

214. DIAGSHELL 6 Diag shell started with Possible reasons include:


parameter [int] [str] • Testing entry from imi shell
• Normal exit from imi shell
• LINE_CODE_ERROR reading
line
• readn returned <= 0, error or
null length
• Bad header length read"
• No line body after reading
header info

215. USERAUTHFAIL 3 User '[str]' can not be Bad password used in authetnication
authenticated attempt. Attempt authentication
again using correct passowrd.

216. IFUP 6 Interface [str] is up Ethernet interface is up.

217. IFDOWN 4 Interface [str] is down Ethernet interface is down

218. DHCPIP 6 Interface [str] acquired IP Interface has aquired an IP address


address [ip]/[uint] via DHCP using DHCP.

219. DHCPDEFRT 6 Default route with gateway Default route for gateway has been
[ip] learnt via DHCP acquired through DHCP.

220. DHCPIPCHG 5 "Interface [str] changed The IP address provided by the DHCP
DHCP IP - old IP: [ip]/[uint], server is different from previous
new IP: [ip]/[uint] lease.

221. DHCPNODEFRT 5 Interface [str] lost its DHCP Interface is disabled for DHCP and
default route therefore leaving its default route to
gateway.

222. FREEFLASHDISK 6 "Free [str] file system space, The current file system space is less
[str]% is less than limit than the minimum limit of 10%. Could
result when files are saved on the
switch. Delete files when required to
create the necessary space.

223. KERNEL-4-WARNING 4 "Queue to user space full, Queue for user space full and a
packet throttled=%d warning has been generated.

224. KERNEL-4-WARNING 4 crypt: enabling


countermeasures on WLAN
%
2-20 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


225. KERNEL-4-WARNING 4 "tkip: station replay TKIP authentication failed, as
counters out of sync for counters are out of sync in TKIP
""MACSTR"". deauthing request. Validate TKIP credentials
and re-attempt.

226. KERNEL-4-WARNING 4 "aes: station replay AES authentication failed, as


counters out of sync for counters are out of sync in TKIP
""MACSTR"". deauthing request. Validate AES credentials and
re-attempt.

227. KERNEL-4-WARNING 4 PS_Decrypt:line Unknown Unknown encryption information


bcast/ucast encryption type: within the broadcast/unicast data.
%d

228. KERNEL-4-WARNING 4 "mic check failure


""MACSTR"". got:
""MACSTR"" calc:
""MACSTR

229. KERNEL-4-WARNING 4 Get_Udp_Ptr: wrong IP BAD IP packet received. If necessary,


version check IP versus expected address.

230. KERNEL-4-WARNING 4 "flowctl: bad tx_res, BAD flow control warning.


retries=%d, rate=%d

231. KERNEL-4-WARNING 4 "fc:mu removed before fc An MU has been removed before a


ack on prtl ""MACSTR flow control ACK. If required, re-
associate MU.

232. KERNEL-4-WARNING 4 "fc:dropped assoc resp pkt An association response packet has
to ""MACSTR been dropped. Validate the success
of the association attempt, and (if
needed) try again.

233. KERNEL-4-WARNING 4 "fc:mu removed before fc tx An MU has been removed before a


on prtl ""MACSTR transmission attempt could be
initiated.

234. KERNEL-4-WARNING 4 "fc:prevent tx to Transmissions to an unreachable MU


unreachable mu ""MACSTR have been prevented. If required, re-
initiate connection attempt to MU.

235. KERNEL-4-WARNING 4 "mismatch(roam?):


dest=""MACSTR

236. KERNEL-4-WARNING 4 std: pkt sent % not in ack Packet sent information is not within
queue the ACK queue.

237. KERNEL-4-WARNING 4 mgmt fc: send failed seq %d


not in ack queue

238. KERNEL-4-WARNING 4 "MACSTR"" ack q is null for The ACK queue is null for this
seq:0x%08x attempt.

239. KERNEL-4-WARNING 4 "MACSTR"" lost seq: %d,


res:%x
Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


240. KERNEL-4-WARNING 4 Update_MU_State : wrong Wrong IP address information within
IP version an update MU state request. Validate
IP address information (if necesary)
and
re-attempt request.

241. KERNEL-4-WARNING 4 "PAL_ESS_Data : de-auth De-authentication was the result of a


""MACSTR"" tx'ing on transmission on a wrong (undefined)
wrong radio:""MACSTR"" radio.
should be on""MACSTR

242. KERNEL-4-WARNING 4 "pshandle:de-authing Unknown address in a control frame


""MACSTR"". unknown src- results in deauthentication.
addr in ctl frame

243. KERNEL-4-WARNING 4 received unconfigured A unconfigured VLAN ID was


VLAN id %d received. Interoperations with this
VLAN requires the correct ID.

244. KERNEL-4-WARNING 4 pal: Send_2_CC call failed


for a deauth-req

245. KERNEL-4-WARNING 4 pal: Send_2_CC call failed An MU association removal request


for mu-remove-req has failed. Attempt to remove the MU
again.

246. KERNEL-4-WARNING 4 warning: rx data from Data has been received from an
unknown portal unknown portal location. This is an
informational warning and should be
checked periodically to ensure its not
repeated and the source represents a
viable threat.

247. KERNEL-4-WARNING 4 Unreal dt( tx_pkt ) @ rate


%d: 0x%08lx - 0x%08lx =
0x%08lx\

248. KERNEL-4-WARNING 4 Unreal dt( retry ) @ %d:


0x%08lx - 0x%08lx =
0x%08lx

249. KERNEL-4-WARNING 4 Unreal delta tx-fail:


0x%08lx - 0x%08lx =
0x%08lx

250. KERNEL-4-WARNING 4 "capwap skb length


underrun: received %d,
expected %d

251. KERNEL-4-WARNING 4 "radio ""MACSTR"" lost first


frag of seq %04x till %04x

252. KERNEL-4-WARNING 4 "radio ""MACSTR"" lost seq


%u to %u

253. KERNEL-4-WARNING 4 warning: unable to queue


skb
2-22 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


254. KERNEL-4-WARNING 4 warning: rx wisp data from WISP data has been received from an
unknown portal unknown portal location. This is an
informational warning and should be
checked periodically to ensure its not
repeated and the source represents a
viable threat.

255. KERNEL-4-WARNING 4 "psp_tx_unicast dropping Unreachable MU. Ensure target MU


skb to unreachable mu is a viable MU in the wireless
""MACSTR network.

256. KERNEL-4-WARNING 4 "psp:dropped %d bytes


unicast to ""MACSTR

257. KERNEL-4-WARNING 4 "psp:deauthing ""MACSTR"" Station being de-authenticated due


due to max-tx-fails to the maximum permitted
transmission failures being
exceeded.

258. KERNEL-4-WARNING 4 Update_WHS_State: Wrong IP version creating


wrong IP version compatibility issues.

259. KERNEL-3-ERROR 3 WLAN Index is not For hotspot feature. Error is seen
supported when destination IP is check in the
WHITE IP list and WLAN index is bad.

260. KERNEL-3-ERROR 3 CCdev_read: bug in circular Index not being correctly defined and
index computation rd %d wr an index computation loop has been
%d" created.
"tot_entry %d to_read %d
rcc %d

261. KERNEL-3-ERROR 3 1. dev_read copy error rcc Read copy error encountered.
%d
ccdev : Mob CCdev_Read
copy_to_user error

262. KERNEL-3-ERROR 3 2. dev_read copy error rcc Read copy error encountered.
%d
ccdev : Mob CCdev_Read
copy_to_user error

263. KERNEL-3-ERROR 3 ccdev : CCdev_Read Read copy error encountered.


copy_to_user error

264. KERNEL-3-ERROR 3 ccdev : Handle_VLAN bad Read copy error encountered.


cmd->index %d

265. KERNEL-3-ERROR 3 ccdev : Handle_VLAN no No VLAN configuration defined for


VLAN cfg for idx %d supplied ID.

266. KERNEL-3-ERROR 3 ccdev : Handle_VLAN bad


cmd id : %d

267. KERNEL-3-ERROR 3 CCdev_Ioctl : bad ioctl_num


%d

268. KERNEL-3-ERROR 3 ccdev : CC server not up Unreachable CC Server.


Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


269. KERNEL-3-ERROR 3 Error registering ccdev An error has been encountered
registering ccdev.

270. KERNEL-3-ERROR 3 Error unregistering ccdev An error has been encountered


unregistering ccdev.

271. KERNEL-3-ERROR 3 invalid WLAN index: %d Invalid WLAN index encountered.


Verify correctness of WLAN index.

272. KERNEL-3-ERROR 3 unknown bcast/ucast Unknown or erroneous broadcast or


encryption type %d unicast encryption scheme
encountered.

273. KERNEL-3-ERROR 3 DHCP_Get_Msg_Type : bad Bad cookie encountered with


cookie DHCP_Get_Msg_Type request.

274. KERNEL-3-ERROR 3 pkt0 has not been created Packet 0 has not been created.

275. KERNEL-3-ERROR 3 device eth1/eth2 needs to Device using the switch Eth1 or Eth2
be re-installed resources requires re-installation.

276. KERNEL-3-ERROR 3 send from Linux no free skb

277. KERNEL-3-ERROR 3 Error initializing virtual A virtual device initialization error has
device been encountered.

278. KERNEL-3-ERROR 3 "MACSTR"" prtl window


wrap curr=%u, new=%u

279. KERNEL-3-ERROR 3 "MACSTR"" wisp seq %u !=


fc seq=%u setting to %u

280. KERNEL-3-ERROR 3 fc alloc:no memory for fc No memory exists currently for fc


allocs allocations.

281. KERNEL-3-ERROR 3 "MACSTR"" fc ack FC ACK timeout threshold value has


timeout:curr been exceeded.
%u,acktime=%u

282. KERNEL-3-ERROR 3 "MACSTR"" fc no prtl traffic No portal traffic detected over the
in last %d secs last “N” number of seconds.

283. KERNEL-3-ERROR 3 "flowctl : bad tx_ctl %x

284. KERNEL-3-ERROR 3 "MACSTR"" std queue: can't Transmission error encountered. FC


tx, fc blocked management currently blocked.

285. KERNEL-3-ERROR 3 "MACSTR"" can't tx, fc Transmission error encountered. FC


mgmt blocked management currently blocked.

286. KERNEL-3-ERROR 3 "Unknown fc_type = %d on Unknown fc type encountered.


""MACSTR

287. KERNEL-3-ERROR 3 "flowctl: No packets detected over portal.


num_pkts_on_portal = 0, Possible decoding error.
ac_idx = %d can't dec

288. KERNEL-3-ERROR 3 "%d not found in ack queue For TX results – sequence no found.
for ""MACSTR

289. KERNEL-3-ERROR 3 Invalid Wisp cmd id: Found bad WISP command ID when
0x%04X updating flow control results.
2-24 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


290. KERNEL-3-ERROR 3 psp update tim: alloc skb Could not allocate buffer needed to
failed send heartbeat message.

291. KERNEL-3-ERROR 3 Hotspot: Netdevice does not Valid tunnel was not found for given
exists for interface VLAN IP and VLAN tag.
%d

292. KERNEL-3-ERROR 3 Hotspot: Device is null

293. KERNEL-3-ERROR 3 Mob_Sw_To_HS : skb2tun


copy failed.

294. KERNEL-3-ERROR 3 Mob_Sw_BCMC_To_CS_T


unnels : skb2tun copy failed.

295. KERNEL-3-ERROR 3 PAL_ESS_Data: invalid data Invalid data sub type


sub type %X

296. KERNEL-3-ERROR 3 PAL_Process_ESS : 802.11 Recieved 802.11 packet with bad


data pkt too small (%d length.
bytes)

297. KERNEL-3-ERROR 3 PAL_Process_ESS: Unknown 802.11 frame type


unknown frame type %x encountered. Not necessarily data,
control or management.

298. KERNEL-3-ERROR 3 PAL_Tx_BCMC_To_Bss :


new_skb allocation failed

299. KERNEL-3-ERROR 3 VLAN id %d out of range VLAN is bigger than 4128. Sent when
trying to create broadcast for all
BSSIDs.

300. KERNEL-3-ERROR 3 "Multicast Flooding To eliminate flooding, each broadcast


Detected, limiting the should not be sent to more than 32
segments in broadcast BSSIDs.
domain to %d

301. KERNEL-3-ERROR 3 "PAL_Unicast_To_WLAN : There are no known APs for this MU.
MU ""MACSTR"" has a null
prtl

302. KERNEL-3-ERROR 3 Send_ARP_Resp: skb alloc Cannot allocate memory required to


failed send ARP response.

303. KERNEL-3-ERROR 3 PC_Rx_From_CC : CC Upper layer send packet to unknown


sending data pack to MU – for capwap path.
unknown MU

304. KERNEL-3-ERROR 3 pshandle:failed to allocate Cannot allocate packet required for


roam skbuf roam notification.

305. KERNEL-3-ERROR 3 PS_Wisp_Rx_From_CC : CC Upper layer send packet to unknown


sending data pack to MU – for legacy WISP.
unknown MU

306. KERNEL-3-ERROR 3 psp update tim: alloc skb Cannot allocate buffer required to
failed send Update TIM message to AP.

307. KERNEL-3-ERROR 3 psp store: out of memory Cannot store PSP packet.
Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


308. KERNEL-3-ERROR 3 dtim poll: recvd bad bss Received bad BSS in DTIM_POLL
index message. This is for legacy WISP
only.

309. KERNEL-3-ERROR 3 Get_Lower_Rate : curr = Cannot get lower rate.


%d allowed = %x

310. KERNEL-3-ERROR 3 Get_Higher_Rate : curr = Cannot get higher rate.


%d allowed = %x

311. KERNEL-3-ERROR 3 ratescale : no highest rate = Rate is set to 54 Mbps.


%x

312. KERNEL-3-ERROR 3 "ratescale : invalid attempts


= %u, pkts = %u

313. KERNEL-3-ERROR 3 fragment too big to copy:%d Got bad fragment packet.
bytes

314. KERNEL-3-ERROR 3 reassy:unknown cmd type Bad command in WISP fragmented


packet.

315. KERNEL-3-ERROR 3 error:fragment too big to WISP fragment is too big


copy:%d bytes

316. KERNEL-3-ERROR 3 PS_Frag_Send unable to If a packet is bigger than 1514, it will


alloc skb be fragmented. However, the buffer
can’t be allocated.

317. KERNEL-3-ERROR 3 PS_BCMC_Frag_Send Big BCMC packet, can’t allocate


unable to alloc skb memory for fragment.

318. KERNEL-3-ERROR 3 "rssi : bad vals ap = %d, rd = If RSSI value is bigger than 255, or
%d, rssi = %d smaller than 0 (or unknown radio),
when attempting to convert RSSI to
DBM.

319. KERNEL-3-ERROR 3 Tunnel Pre-Routing: skb


linearize failed

320. KERNEL-3-ERROR 3 Tunnel Pre-Routing: No free


skb

321. KERNEL-3-ERROR 3 Tunnel Post-Routing: No


free skb

322. KERNEL-3-ERROR 3 Tunnel_Init: can't register Tunnel initialization error


Tunnel_Pre_Routing hook encountered. Cannot register tunnel
pre-routing hook.

323. KERNEL-3-ERROR 3 Tunnel_Init: can't register Tunnel initialization error


Tunnel_Post_Routing hook encountered. Cannot register tunnel
pre-routing hook.

324. KERNEL-3-ERROR 3 null device passed to get Unavailable device has been
stats routine forwarded for statistics gathering.

325. KERNEL-3-ERROR 3 null priv pointer in get stats Stats generation failure occured
when collecting data.
2-26 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


326. KERNEL-3-ERROR 3 null device passed to probe Unavailable device incorrectly
routine forwarded to a probe routine.

327. KERNEL-3-ERROR 3 null device passed to close Unavailable device incorrectly


routine forwarded to a probe routine.

328. KERNEL-3-ERROR 3 null device passed to probe Unavailable device incorrectly


routine forwarded to a probe routine.

329. KERNEL-3-ERROR 3 VLAN_Handle_Ingress Packet received from a trunked


unable to get VLAN config interface with VLAN tag
for %s

330. KERNEL-3-ERROR 3 "VLAN_Handle_Ingress Got untagged packet on a VLAN


untagged pkt on %s interface.
dropped, no untagged VLAN
set

331. KERNEL-3-ERROR 3 VLAN_Handle_Egress: skb Missing VLAN tag in the packet that
had no VLAN tag. dropping we are sending. Should be set
already.

332. KERNEL-3-ERROR 3 PAL_Tx_BCMC_To_Wired :


skb copy failed.

333. KERNEL-3-ERROR 3 PAL_Tx_BCMC_To_Ron :


skb2ron copy failed.

334. KERNEL-3-ERROR 3 PAL_Tx_BCMC_To_Linux :


skb2ron copy failed.

335. KERN-6-INFO 6 Add WTP at N Adds a WTP entry to the table. WTP is
a CAPWAP definition for AP.

336. KERN-6-INFO 6 "Prtl <MAC>"" add @ N Adds an AP entry to the table.

337. KERN-6-INFO 6 Prtl <MAC> rem @ N Deletes an AP entry from the table.

338. KERN-6-INFO 6 mu <MAC> w/ aid N added Adds MU to an AP.


to prtl <MAC>

339. KERN-6-INFO 6 mu <MAC> w/ aid N Removes MU from an AP.


removed from prtl <MAC> -
bss_idx N

340. KERN-6-INFO 6 crypt: disabling Disabling countermeasures.


countermeasures on WLAN
N

341. KERN-6-INFO 6 "WEP Decrypt Failed ""MU Failed to decrypt WEP encrypted
MAC packet.

342. KERN-6-INFO 6 "Tkip/keyguard decrypt Tkip.Keyguard decryption failed.


failure: ""MAC"" iv32 = 0xX
iv16 = 0xX

343. KERN-6-INFO 6 "TKIP Replay check fail Replay check failure.


""MAC"" got: X expecting X

344. KERN-6-INFO 6 "ccmp decrypt failed Decryption of packet that have been
""MACSTR"" (%u bytes) encrypted using AES-CCMP failed
Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


345. KERN-6-INFO 6 "aes replay check failed Replay check failed for AES-CCMP
""MAC"" got: X expected: X packet

346. KERN-6-INFO 6 qos admission control WMM admission control check


verification failed failed.

347. KERN-6-INFO 6 "rx encrypted frame from Encrypted packet received on non-
""MAC"" when policy is no encrypted WLAN.
encryption.

348. KERN-6-INFO 6 "dropping clear frame from Received packet was expected to be
""MACSTR"". policy encrypted.
requires encryption

349. KERN-6-INFO 6 "EWEP bit in WEP hdr = 1, For WEP64 and WEP128 traffic.
Expected 0 ""MAC”

350. KERN-6-INFO 6 "EWEP bit in WEP hdr = 0, For Keyguard and TKIP and CCMP
Expected 1 ""MAC traffic.

351. KERN-6-INFO 6 "AES-CCMP encrypt failed Encryption failure occurred.


""MAC

352. KERN-6-INFO 6 qos admission control Unicast packet did not pass WMM
verification failed admission control.

353. KERN-6-INFO 6 Driver - deliver to Linux Packet destined to VLAN.


VLAN N

354. KERN-6-INFO 6 rx from Linux Packet received from Linux source.

355. KERN-6-INFO 6 flowctl: no stats update for No stats available for target dropped
dropped seq N sequence.

356. KERN-6-INFO 6 "fc:dropped N consec pkts


to ""MAC”

357. KERN-6-INFO 6 "fc:mu [""MAC""] in psp, MU in PSP mode has dropped a


dropped packet N packet.

358. KERN-6-INFO 6 "MACSTR"" fc window wrap


curr=N, new=Y

359. KERN-6-INFO 6 fc allocs:q full

360. KERN-6-INFO 6 fc:allocs back down to N

361. KERN-6-INFO 6 "fc freed ack q pkt seq N, tx


time U, now Y

362. KERN-6-INFO 6 fc q extract:seq N not found Target sequence not found in target
in Y entries entries.

363. KERN-6-INFO 6 "“MAC"" fc send failure

364. KERN-6-INFO 6 "flowctl Q-Full WLAN %d,


ac %d (%d/%d)

365. KERN-6-INFO 6 "MACSTR"" std queue:alloc


failed, curr %d

366. KERN-6-INFO 6 "MACSTR"" std q:failed


2-28 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


367. KERN-6-INFO 6 "MACSTR"" fc mgmt q:alloc
failed

368. KERN-6-INFO 6 "MACSTR"" fc mgmt


q:failed

369. KERN-6-INFO 6 fc can't send

370. KERN-6-INFO 6 mgmt fc can't send

371. KERN-6-INFO 6 "MACSTR"" fc free queues

372. KERN-6-INFO 6 "MACSTR"" fc window wrap


around curr = %d, new = %d

373. KERN-6-INFO 6 Update_MU_State: wrong MU state updated, as the wrong ARP


arp prot %x protocol has been used.

374. KERN-6-INFO 6 "PAL_ESS_Data : de- Unknown MU has been


authing unknown MU deauthenticated.
""MACSTR"" on BSS
""MACSTR

375. KERN-6-INFO 6 PAL_Rx_From_WLAN

376. KERN-6-INFO 6 proxy arp resp was sent A proxy ARP response was sent.

377. KERN-6-INFO 6 PD_Tx_To_Linux

378. KERN-6-INFO 6 PD_Tx_To_Wire

379. KERN-6-INFO 6 PAL_Defrag_ESS_Data

380. KERN-6-INFO 6 PAL_Unicast_To_WLAN

381. KERN-6-INFO 6 "Non-IP pkt, no DSCP bits.


Default DSCP to 0x08

382. KERN-6-INFO 6 PAL_Unicast_From_LAN

383. KERN-6-INFO 6 from switch. Sending to


wire

384. KERN-6-INFO 6 "dropping pkt Unknown destination


src:""MACSTR""
dst:""MACSTR

385. KERN-6-INFO 6 "dropping wisp packets to WISP packets to another switch have
another switch ""MACSTR been dropped.

386. KERN-6-INFO 6 "dropping L2 wisp packets Each L2 WISP packet that was sent in
in wrong direction, the wrong direction has been
cmd=0x%04x dropped.

387. KERN-6-INFO 6 wrong arp prot %x

388. KERN-6-INFO 6 gratuitous arp from Gratuitous ARP received from target
ip=%u.%u.%u.%u address.

389. KERN-6-INFO 6 "arp resp: smac=""MACSTR


"", sip=%u.%u.%u.%u
dmac=""MACSTR
Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


390. KERN-6-INFO 6 warning: rx data from Warning message stating data has
unknown portal been received from an unknown
source (portal).

391. KERN-6-INFO 6 "Rx inactive mu stats for No longer receiving stats for an
unknown/inactive mu: "" inactive or unknown MU.
MACSTR

392. KERN-6-INFO 6 "PC_Rx_From_CC (): packet Received packet was not able to
failed encryption correctly encrypt.

393. KERN-6-INFO 6 no tail room to fix for runt Runt packet fix could not be
packet accomodated.

394. KERN-6-INFO 6 "pshandle:mu ""MACSTR"" Target MU inadvertently roamed.


roamed

395. KERN-6-INFO 6 warning: rx wisp data from Warning message stating WISP data
unknown portal has been received from an unknown
source (portal).

396. KERN-6-INFO 6 ps_rx_from_cc: no portal to Received packet has no portal to


queue to queue to.

397. KERN-6-INFO 6 ps_rx_from_cc: packet Received packet was not able to


failed encryption correctly encrypt.

398. KERN-6-INFO 6 "prtl ""MACSTR"" bss %d


psp queue full with %d pkts

399. KERN-6-INFO 6 "psp:mu ""MACSTR""


authenticating

400. KERN-6-INFO 6 psp:free mu queue

401. KERN-6-INFO 6 psp:free portal queues

402. KERN-6-INFO 6 "MACSTR"" rate[%s to %s],


[%d/%d], pct:%d

403. KERN-6-INFO 6 "Tunnel_Pre_Routing:


BCAST:
dip=%u.%u.%u.%u,
VLAN=%d

404. KERN-6-INFO 6 "Tunnel_Pre_Routing:


MCAST:
dip=%u.%u.%u.%u,
VLAN=%d

405. KERN-6-INFO 6 "Tunnel_Pre_Routing:


SUBNET-BCAST:
dip=%u.%u.%u.%u,
VLAN=%d

406. KERN-6-INFO 6 "Tunnel_Pre_Routing:


DHCP: MU=%u.%u.%u.%u,
VLAN=%d
2-30 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


407. KERN-6-INFO 6 "Tunnel_Pre_Routing:
MU=%u.%u.%u.%u not
found, VLAN=%d

408. KERN-6-INFO 6 "Tunnel_Pre_Routing:


UCAST:
dip=%u.%u.%u.%u,
VLAN=%d

409. KERN-6-INFO 6 Tunnel_Post_Routing:


MU=%u.%u.%u.%u not
found

410. KERN-6-INFO 6 Tunnel_Post_Routing:


Sending packet to MU
%u.%u.%u.%u

411. KERN-6-INFO 6 %s: Unknown tunnel=%s Unknown tunnel attributes.

412. KERN-6-INFO 6 "Tunnel_Send_Pkt: Sending


out on %s,
dmac=""MACSTR

413. KERN-6-INFO 6 wrong arp prot %x Wrong ARP protocol used.

414. KERN-6-INFO 6 Tunnel_Gw_Proxyarp: Not Tunnel gateway proxy ARP not an


an ARP REQ appropriate ARP request.

415. KERN-6-INFO 6 "Tunnel_Gw_Proxyarp: ARP


REQ from MU for
IP=%u.%u.%u.%u,
gw=%u.%u.%u.%u

416. KERN-6-INFO 6 Tunnel_Gw_Proxyarp: ARP


req not for gw-ip

417. KERN-6-INFO 6 Tunnel_Deliver_To_Linux: Non IP packets dropped.


Dropping non-IP pkt

418. KERN-6-INFO 6 "%s tagged pkt on %s


dropped, port not tagged
member of %d

419. KERN-6-INFO 6 W_Host_Idle_Timeout : The wrong ARP protocol resulted in a


wrong arp prot %x host idle timeout.

420. KERN-6-INFO 6 "%s : session-timeout for Session timeout for wired host.
Wired-host ""MACSTR

421. KERN-6-INFO 6 "W_Host_Idle_Timeout : Host idle timeout for wired host


idle-timeout for Wired-host
""MACSTR

422. KERN-6-INFO 6 "create_wired_host : Wired host has been created.


Wired-host ""MACSTR""
created!

423. AUTH-3-ERR: 3 Malformed IKE identity `%s Remote ID for aggressive mode IKE
WIOS_SECURITYMGR SA cannot be decoded.
Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


424. AUTH-3-ERR: 3 Malformed IKE secret Pre-shared key for aggressive mode
WIOS_SECURITYMGR IKE SA cannot be decoded.

425. AUTH-3-ERR: 3 Could not force CA CA certificate could not be used as/
WIOS_SECURITYMGR certificate as a point of trust with trustpoint.

426. AUTH-3-ERR: 3 """Can not insert CA The CA certificate will not insert into
WIOS_SECURITYMGR certificate into local the local database. Either resolve
database issue with this certificate or use a
different one.

427. AUTH-3-ERR: 3 """ Message: Malformed Error displayed when checking if IKE
WIOS_SECURITYMGR IKE SA proposal security association proposal
matches.

428. AUTH-3-ERR: 3 """ Reason: Invalid protocol Invalid protocol ID. The result is a
WIOS_SECURITYMGR ID %d, should be %d malformed IKE security association
proposal.

429. AUTH-3-ERR: 3 """ Reason: Protocol %d Protocol is specified multiple times in


WIOS_SECURITYMGR given more that once IKE security association proposal. The
result is a malformed IKE proposal.

430. AUTH-3-ERR: 3 """ Reason: Invalid Transform identifier invalid. IKE


WIOS_SECURITYMGR transform identifier %d, "" security association proposal check
""should be %d will fail.

431. AUTH-3-ERR: 3 """ Reason: No key-length Variable key length cipher is specified
WIOS_SECURITYMGR proposed for "" ""variable in IKE SA proposal, but the key length
key-length cipher %s attribute is missing.

432. AUTH-3-ERR: 3 """Neither pre-shared keys There is no pre-shared key or


WIOS_SECURITYMGR nor CA certificates are "" certificates specified for tunnel.
""specified for a tunnel Ensure they are available for this
request.

433. AUTH-3-ERR: 3 """AES counter mode cannot A tunnel check has failed because of
WIOS_SECURITYMGR be used without an "" using an AES counter mode with the
""authentication algorithm authentication algorithm.

434. AUTH-3-ERR: 3 """AES counter mode cannot A tunnel check has failed because of
WIOS_SECURITYMGR be used with manual keys using an AES counter mode with
manual keys.

435. AUTH-3-ERR: 3 """Tunnel does not specify A tunnel check has failed because of
WIOS_SECURITYMGR any keying method "" ""(IKE using no keying method (i.e. IKE or
or manual) manual defined for tunnel).

436. AUTH-3-ERR: 3 "Auto-start rule does not The post auto-start rule check has
WIOS_SECURITYMGR specify single IP address "" failed. The user did not provide
""or domain name for its enough information to (remote IKE
remote peer peer and IP address) establish the
rule automatically.

437. AUTH-3-ERR: 3 Both REJECT and PASS Both the reject and pass flags for a
WIOS_SECURITYMGR defined for a rule rule are on. Policy manager use these
flag to reject or pass the rule.
2-32 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


438. AUTH-3-ERR: 3 "The AUTHENTICATION- Authentication flag must not be set
WIOS_SECURITYMGR ONLY can be specified only for DENY rule.
for "" ""PASS rules

439. AUTH-3-ERR: 3 To-tunnel specified for a Cannot set rejetct rules on To-tunnel.
WIOS_SECURITYMGR REJECT rule

440. AUTH-3-ERR: 3 No from-tunnel specified for FROM-TUNNEL cannot be null if


WIOS_SECURITYMGR an AUTHENTICATION-ONLY authentication-only flag is set.
rule

441. AUTH-3-ERR: 3 To-tunnel specified for an To-tunnel cannot be null if


WIOS_SECURITYMGR AUTHENTICATION-ONLY authentication-only flag is set.
rule

442. AUTH-3-ERR: 3 The maximum number of Max number of policy rule is 600 i.e.
WIOS_SECURITYMGR policy rules reached four times the number of maximum
tunnels.

443. AUTH-3-ERR: 3 IP protocol not specified for IP protocol not specified for this
WIOS_SECURITYMGR this service element. service element.

444. AUTH-3-ERR: 3 "Cannot insert this rule, the The selected rule cannot be used, as
WIOS_SECURITYMGR forced NAT protocol"" "" the type does not match the rule
type does not match rule protocol in effect.
protocol

445. AUTH-3-ERR: 3 Message: negotiation Following one message is reason for


WIOS_SECURITYMGR aborted this message.

446. AUTH-3-ERR: 3 """ Reason: AH can not be NAT traversal cannot be used with
WIOS_SECURITYMGR initiated with NAT-T AH mode, as it has run hash on the IP
addresses.

447. AUTH-3-ERR: 3 """ Message: malformed There is a malformed IPSec SA


WIOS_SECURITYMGR IPSec SA proposal proposal.

448. AUTH-3-ERR: 3 """ Reason: Inconsistent The current and new encapsulation
WIOS_SECURITYMGR encapsulation modes:” mode is not same. Ensure they are
“current %d, new %d” consistent.

449. AUTH-3-ERR: 3 """ Reason: unknown The encapsulation mode specified for
WIOS_SECURITYMGR encapsulation mode %d an IPSec security association is not
proposed recognized.

450. AUTH-3-ERR: 3 """ Reason: Protocol %d The encapsulation protocol is defined


WIOS_SECURITYMGR given more than once more than once in the security
association proposal

451. AUTH-3-ERR: 3 """ Message: malformed There is a malformed IPSec ESP


WIOS_SECURITYMGR IPSec ESP proposal proposal.

452. AUTH-3-ERR: 3 "Reason: No key-length A variable key length cipher is


WIOS_SECURITYMGR proposed for "" ”variable specified in IPSec ESP proposal, but
key-length cipher %s the key length attribute is missing.

453. AUTH-3-ERR: 3 """ Message: malformed Following two messages are reason
WIOS_SECURITYMGR IPSec AH proposal for this message.
Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


454. AUTH-3-ERR: 3 "“Reason: AH The AH authentication algorithm ID
WIOS_SECURITYMGR authentication algorithm ID does not matchthe AH transform
%s (%d) "" ""does not match being used.
AH transform %s (%d).

455. AUTH-3-ERR: 3 " Reason: No key-length A variable key length cipher is


WIOS_SECURITYMGR proposed for " specified in the IPSec AH proposal,
"variable key-length but a key length attribute is missing.
algorithm %s"

456. AUTH-3-ERR: 3 """ Could not select A proposal could noty be selected for
WIOS_SECURITYMGR proposal for IPSec SA %d the IPSec security association.

457. AUTH-3-ERR: 3 """ Message: Could not A policy rule could not be successfully
WIOS_SECURITYMGR select policy rule selected for security policy. Try a
different policy rule.

458. AUTH-3-ERR: 3 """ Message: Could not A security association could not be
WIOS_SECURITYMGR select SA from IPSec SA "" specified from the IPSec security
""proposal association proposal.

459. AUTH-3-ERR: 3 """Tunnel is already The target tunnel for the


WIOS_SECURITYMGR specified to be manually authentication request is already
keyed"") defined to be manually keyed.

460. AUTH-3-ERR: 3 """ESP tunnel is missing Supply an encryption algorithm for


WIOS_SECURITYMGR encryption and ESP tunnel. Supply a NULL attribute if
authentication "" not using encryption.
""algorithms

461. AUTH-3-ERR: 3 """ESP tunnel is missing Supply an encryption algorithm for


WIOS_SECURITYMGR encryption algorithm "" ESP tunnel. Supply a NULL attribute if
""(the NULL encryption not using encryption.
algorithm must be specified
"" ""if no encryption is
required)

462. AUTH-3-ERR: 3 """ESP NULL-NULL is Ensure ESP NULL-NULL is not


WIOS_SECURITYMGR proposed for this tunnel. "" specified for the tunnel to avoid a
""This is forbidden by RFC violation of RFC 2406.
2406."")

463. AUTH-3-ERR: 3 """AH tunnel is missing Ensure AH authentication algorithm


WIOS_SECURITYMGR authentication algorithm is supplied with AH supported tunnel.

464. AUTH-3-ERR: 3 """AH is not supported If AH is not support, use a different


WIOS_SECURITYMGR authentication mechanism.

465. AUTH-3-ERR: 3 """IPComp tunnel is missing Add compression algorithm to


WIOS_SECURITYMGR compression algorithm IPComp tunnel.

466. AUTH-3-ERR: 3 """IPComp is not supported IPComp is not supported.


WIOS_SECURITYMGR

467. AUTH-3-ERR: 3 """Anti-replay detection If a 64-bit sequence is to be used,


WIOS_SECURITYMGR must be enabled when enable anti-replay detection.
using” ""64 bit sequence
numbers.”
2-34 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


468. AUTH-3-ERR: 3 """No IPSec transform (AH Specify a AH or ESP transform for
WIOS_SECURITYMGR or ESP) specified for tunnel tunnel.

469. AUTH-3-ERR: 3 """The `per-port' or `per- Security association per-port and per-
WIOS_SECURITYMGR host' SA flags can not be "" flag attributed could not be specified
""specified for `auto-start' for an auto-start tuunel
tunnels

470. AUTH-3-ERR: 3 """Both `auto-start' and This error is generated when the user
WIOS_SECURITYMGR `dont-initiate' specified "" tries to configure both, Auto-start and
""for a tunnel dont- initate, for a tunnel at the same
time.

471. AUTH-3-ERR: 3 """Out of memory. Could not Tunnel name could not be accounted
WIOS_SECURITYMGR allocate memory for "" for due to memory constraints. Free
""tunnel name! up necessary memory.

472. AUTH-3-ERR: 3 """Malformed IKE identity The IKE secret identity used has
WIOS_SECURITYMGR `%s' for tunnel"", identity corrupt characters. Create a new one
with usable parameters.

473. AUTH-3-ERR: 3 """Malformed IKE secret for The IKE secret password used has
WIOS_SECURITYMGR tunnel corrupt characters. Create a new
secret with usable parameters.

474. AUTH-3-ERR: 3 """Extended (64 bit) "" Extended (64 bit) sequence numbers
WIOS_SECURITYMGR ""sequence numbers are not not supported for manually keyed
supported for manually tunnels. Do not use extended 64 bit.
keyed "" “tunnels

475. AUTH-3-ERR: 3 """Invalid SPI values Invalid SPI values specified for ESP
WIOS_SECURITYMGR specified for ESP: in=%08x, authentication credentials.
out=%08x

476. AUTH-3-ERR: 3 """Invalid SPI values Invalid SPI values specified for AH
WIOS_SECURITYMGR specified for AH: in=%08x, authentication credentials.
out=%08x"",

477. AUTH-3-ERR: 3 """Invalid CPI values Invalid CPI values specified for
WIOS_SECURITYMGR specified for IPComp: "" IPComp.
""in=%04x, out=%04x

478. AUTH-3-ERR: 3 """Tunnel is already The requested tunnel is already


WIOS_SECURITYMGR specified to be IKE keyed specified to be IKE keyed.

479. AUTH-3-ERR: 3 """Manual key already Manual key credentials have already
WIOS_SECURITYMGR configured been configured. Do not change their
values or use a different key.

480. AUTH-3-ERR: 3 """Malformed manual key Manual key credentials are


WIOS_SECURITYMGR for tunnel malformed and cannot be used.

481. AUTH-3-ERR: 3 """Manual key tunnel Manual key tunnel specifies


WIOS_SECURITYMGR specifies ambiguous ambiguous algorithms. Use a
algorithms different key or rectify ambiguous
algorithms.
Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


482. AUTH-3-ERR: 3 "Too little key material for Too little key material for manually
WIOS_SECURITYMGR manually keyed tunnel. " keyed tunnel. Update the number of
"Needs %u bytes but got bytes used.
only %u bytes"

483. AUTH-3-ERR: 3 "Too much key material for Byte limit exceeded for manual key.
WIOS_SECURITYMGR manually keyed tunnel. " Ensure the key size is not too long.
"Needs only %u bytes but
got %u bytes"

484. AUTH-3-ERR: 3 """Invalid key sizes specified Invalid key size specified. Ensure the
WIOS_SECURITYMGR key size is consistent with what is
expected.

485. AUTH-3-ERR: 3 """Algorithm key sizes Key sizes specified for unknown
WIOS_SECURITYMGR specified for unknown algorithm. Validate expected key size
algorithm before continuing.

486. AUTH-3-ERR: 3 """Key size limits specified A fixed key size must be used.
WIOS_SECURITYMGR for fixed key size "" ""cipher
%s

487. AUTH-3-ERR: 3 """The maximum cipher key Maximum cipher key size too large for
WIOS_SECURITYMGR size %u is bigger than "" expected. Reduce key size or use a
""the built-in maximum %u different key.

488. AUTH-3-ERR: 3 """The maximum cipher key Maximum cipher key size too large for
WIOS_SECURITYMGR size %u is bigger than "" expected. Reduce key size or use a
""the built-in maximum %u different key.

489. AUTH-3-ERR: 3 """The maximum cipher key Maximum cipher key size too large for
WIOS_SECURITYMGR size %u is bigger than "" expected. Reduce key size or use a
""the built-in maximum %u different key.

490. AUTH-3-ERR: 3 Remote IKE peer %@%@ Remote machine where the tunnel
WIOS_SECURITYMGR terminates.

491. AUTH-3-ERR: 3 Local IKE peer %@%@ Local machine which initiates the
WIOS_SECURITYMGR tunnel.

493. AUTH-4-WARNING: 4 """The maximum number of The maximum number of active phase
WIOS_SECURITYMGR active Phase-1 SAs reached 1 security associations has been
reached.

494. AUTH-4-WARNING: 4 """The maximum number of The maximum number of active phase
WIOS_SECURITYMGR active Phase-1 negotiations 1 security associations has been
"" ""reached reached.

495. AUTH-4-WARNING: 4 """The maximum number of Maximum number of active Quick-


WIOS_SECURITYMGR active Quick-Mode Mode negotiations reached before
negotiations "" ""reached. Quick-Mode was done.
Quick-Mode not done.

496. AUTH-4-WARNING: 4 """Cannot use binary Binary formatting for syslog audit is
WIOS_SECURITYMGR formatting for syslog "" not permitted.
""auditing.

497. AUTH-4-WARNING: 4 """Cannot create audit file Audit file contect cannot be audited.
WIOS_SECURITYMGR context. Is '%s' a "" ""valid Suspected reason is invalid filename.
file name?
2-36 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


498. AUTH-4-WARNING: 4 """Could not decode Certificate could be corrupted or in
WIOS_SECURITYMGR Certificate. """"The unrecognized (wrong) format. Check
certificate may be corrupted certificate attributes or use a
or it was ""”given in different certificate.
unrecognized format ""
""(file format may be wrong)

499. AUTH-4-WARNING: 4 """Could not decode Certificate could be corrupted or in


WIOS_SECURITYMGR Certificate. """"The unrecognized (wrong) format. Check
certificate may be corrupted certificate attributes or use a
or it was ""given in different certificate.
unrecognized format ""
""(file format may be wrong)

500. AUTH-4-WARNING: 4 """Could not get subject Certificate cannot be used as an


WIOS_SECURITYMGR name from a CA certificate. IPSec authenticator, as a subject
"" ""This certificate is not name could not be extracted.
usable as an IPsec
""authenticator, and is not
inserted into loal list of ""
""trusted CAs

501. AUTH-4-WARNING: 4 """Could not set CA Could not set CA certificate to non-
WIOS_SECURITYMGR certificate to non-CRL CRL issuer. This may cause
issuer. """"This may cause authentication errors if valid CRLs are
authentication errors if valid not available.
CRLs """"are not available

502. AUTH-4-WARNING: 4 """Could not set the trusted Trusted credentials could not be set
WIOS_SECURITYMGR set for a CA certificate for certificate. Review the attributes
of the certificate or (if necessary) use
a different certificate.

503. AUTH-4-WARNING: 4 """Could not decode Certificate could be corrupted or in


WIOS_SECURITYMGR certificate. """"The unrecognized (wrong) format.
certificate may be corrupted
or it was ""given in
unrecognized format
""""(file format may be
wrong)

504. AUTH-4-WARNING: 4 """Could not lock certificate Could not lock certificate in cache.
WIOS_SECURITYMGR in cache

505. AUTH-4-WARNING: 4 """Could not insert Certificate could not be inserted into
WIOS_SECURITYMGR certificate into local local database. Review the attributes
database of the certificate or (if necessary) use
a different certificate.

506. AUTH-4-WARNING: 4 """Could not decode CRL. Certificate could be corrupted or in


WIOS_SECURITYMGR The certificate may be unrecognized (wrong) format.
""""corrupted or it was given
in unrecognized format
""""(file format may be
wrong)

507. AUTH-4-WARNING: 4 """NAT-T initial contact NAT-T initial contact notification.


WIOS_SECURITYMGR notification with IP
""""identity %@
Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


508. AUTH-4-WARNING: 4 """It is recommended to use Use non-IP identities with NAT-T to
WIOS_SECURITYMGR non-IP identities with avoid ID collision.
""""NAT-T to avoid ID
collision

509. AUTH-4-WARNING: 4 "%s Phase-1 notification Phase 1 notifications may have been
WIOS_SECURITYMGR `%s' (%d) (size %d bytes) encrypted in plain text. Verify to
""""from %s%@ for protocol ensure data protection.
%s spi[0...%d[=%s"",
encrypted ? ""Encrypted"" :
""Plain-text"",

510. AUTH-4-WARNING: 4 """The maximum number of Maximum number of active Quick-


WIOS_SECURITYMGR active Quick-Mode Mode negotiations reached.
negotiations """"reached. Incoming Quick-Mode negotiation
Incoming Quick-Mode rejected.
negotiation rejected

511. AUTH-4-WARNING: 4 """%s Phase-2 notification Problems in phase II negotiations


WIOS_SECURITYMGR `%s' (%d) (size %d bytes) "" result in IKA security association
""from %s%@ for protocol deletion and QM abort.
%s spi[0...%d]=%s
""""causes IKE SA deletion
and QM abort

512. AUTH-4-WARNING: 4 """%s Phase-2 notification Phase 2 negotiation of protocol


WIOS_SECURITYMGR `%s' (%d) (size %d bytes) attributes taking palce.
""""from %s%@ for protocol
%s spi[0...%d]=%s

513. AUTH-4-WARNING: 4 """Suspicious outbound Properties of outbound IPSec rule


WIOS_SECURITYMGR IPSec rule without any appear to be suspicious. The rule may
selectors: """"the rule might nmot work.
not work at all

514. AUTH-4-WARNING: 4 """Type of the local ID %@ Properties of the key extension may
WIOS_SECURITYMGR is not KEY-ID for "" ""the not be supported. The negotiation
mamros-pskeyext and handshake of key credentials
negotiation. "" ""The may fail.
negotiation might fail.

515. AUTH-4-WARNING: 4 """Tunnel end-point %@ is a Configuration error encountered.


WIOS_SECURITYMGR link-local address, but "" Tunnel local-ip is undefined.
""tunnel local-ip is
undefined. This is a
""""configuration error!

516. AUTH-4-WARNING: 4 """% PFS group proposed Perfect Forward Secrecy (PFS) group
WIOS_SECURITYMGR for IPComp has been proposed for IP Comp.

517. AUTH-4-WARNING: 4 """Trigger for non-IP packet Request for policy dropped.
WIOS_SECURITYMGR of protocol %d. ""
""Dropping request for
policy

518. AUTH-4-WARNING: 4 """The rule is not in the A requested rule is not in active
WIOS_SECURITYMGR active configuration. "" configuration, and can therefore not
""Dropping request for be supported.Request for policy is
policy being dropped
2-38 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


519. AUTH-4-WARNING: 4 """The maximum number of The maximum number of active
WIOS_SECURITYMGR active Quick-Mode Quick-Mode negotiations has been
negotiations "" ""reached. reached. Request for policy is being
Dropping request for dropped.
policy"")

520. AUTH-4-WARNING: 4 """Malformed packet for A bad packet trigger was


WIOS_SECURITYMGR trigger. Dropping request encountered, request for policy is
for policy being dropped.

521. AUTH-4-WARNING: 4 """Malformed packet for A bad packet trigger was


WIOS_SECURITYMGR trigger. Dropping request for encountered, request for policy is
policy being dropped.

522. AUTH-4-WARNING: 4 """Certificate contains bad Certificate contains an invalid IP


WIOS_SECURITYMGR IP address: length=%d address. Validate the IP address and
either correct certificate request or
use a different certificate.

523. AUTH-4-WARNING: 4 """Certificate contains bad Certificate contains an invalid IP


WIOS_SECURITYMGR IP address: length=%d address. Validate the IP address and
either correct certificate request or
use a different certificate.

524. AUTH-4-WARNING: 4 """Could not decode Certificate could not be properly


WIOS_SECURITYMGR Certificate. "" ""The decoded. It may be corrupt. Validate
certificate may be corrupted certificate credentials before trying
or it was ""given in again.
unrecognized format ""
""(file format may be wrong)

526. AUTH-6-INFO: 6 """IKE SA [%s] negotiation IKE security association negotiation


WIOS_SECURITYMGR completed: has been completed.

527. AUTH-6-INFO: 6 """ %s using %s (%s%s - This error message displays the
WIOS_SECURITYMGR %s) stauts of IKE negotiaion that is
carried out either in main mode or
aggressive mode.

528. AUTH-6-INFO: 6 """Diffie-Hellman group %u IKE security association’s DH group.


WIOS_SECURITYMGR (%u bits)

529. AUTH-6-INFO: 6 """Lifetime: %u seconds"", IKE security association in Lifetime (in


WIOS_SECURITYMGR seconds).

530. AUTH-6-INFO: 6 """ Message: %s (%d) Informational logs on the status of


WIOS_SECURITYMGR IKE security association negotiation.

531. AUTH-6-INFO: 6 """IKE SA destroyed: An IKE security association has been


WIOS_SECURITYMGR destroyed.

532. AUTH-6-INFO: 6 """ Message: Could not Policy rule could not be properly
WIOS_SECURITYMGR select policy rule selected during authentication
attempt.

533. AUTH-6-INFO: 6 """ Reason: Reason for not selecting a policy rule.
WIOS_SECURITYMGR
Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


534. AUTH-6-INFO: 6 """Message: Could not Security association could not be
WIOS_SECURITYMGR select SA from IKE SA "" selected from IKE security
""proposal association proposal.

535. AUTH-6-INFO: 6 """IPSec SA negotiations: IPSec security associations


WIOS_SECURITYMGR %u done, %u successful, completed. Percentages supplied for
%u failed number of successful attempts out of
total.

536. AUTH-6-INFO: 6 """NGM [responder]


WIOS_SECURITYMGR between %@ and %@
rejected

537. AUTH-6-INFO: 6 """ Message: No attributes Problem encountered during


WIOS_SECURITYMGR sent to client authentication attempt. No attributes
sent to client.

538. AUTH-6-INFO: 6 """ Reason: "" ""Could not Problem encountered during
WIOS_SECURITYMGR register remote access authentication attempt. Could not
client register remote access client.

539. AUTH-6-INFO: 6 """ IP address %@ assigned An IP address has been assigned to


WIOS_SECURITYMGR for client the client.

540. AUTH-6-INFO: 6 """ Message: No attributes No attributes sent to client during


WIOS_SECURITYMGR sent to client authentication attempt.

541. AUTH-6-INFO: 6 """ Reason: Could not Specific attributed could not encoded
WIOS_SECURITYMGR encode attributes during authentication attempt.

542. AUTH-6-INFO: 6 """ Reason: Could not Specific attributed could not encoded
WIOS_SECURITYMGR encode attributes during authentication attempt.

543. AUTH-6-INFO: 6 """XAUTH [Responder] Authentication responder exchange


WIOS_SECURITYMGR exchange done completed.

544. AUTH-6-INFO: 6 " Authentication done Authentication attempt completed for


WIOS_SECURITYMGR user.

545. AUTH-6-INFO: 6 """ Authentication failed Authentication attempt failed for


WIOS_SECURITYMGR user.

546. AUTH-6-INFO: 6 """ Message: Could not Configuration parameters could not
WIOS_SECURITYMGR store configuration "" be stored during authentication
""parameters attempt.

547. AUTH-6-INFO: 6 """ Reason: Out of memory Memory allocation problem


WIOS_SECURITYMGR encountered during authentication
attempt.

548. AUTH-6-INFO: 6 """ Configuration data Configuration data received during


WIOS_SECURITYMGR received: authentication attempt.

549. AUTH-6-INFO: 6 """QM notification `%s' Qucik Mode completion message.


WIOS_SECURITYMGR (%d) (size %d bytes) ""
""from %s%@ for protocol
%s spi[0...%d]=%s

550. AUTH-6-INFO: 6 """ Result: %s Quick mode result.


WIOS_SECURITYMGR
2-40 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


551. AUTH-6-INFO: 6 """ Error: %s Quick mode completion error
WIOS_SECURITYMGR message.

552. AUTH-6-INFO: 6 """IPSec SA [%s%s] IPSec security association


WIOS_SECURITYMGR negotiation completed: negotiation has been completed.

553. AUTH-6-INFO: 6 """ PFS using Diffie- PDF using DH group for the above IP
WIOS_SECURITYMGR Hellman group %u (%u Sec security association.
bits)"",

554. AUTH-6-INFO: 6 """ Local Proxy ID %@ Local proxy ID for IP Sec security
WIOS_SECURITYMGR association.

555. AUTH-6-INFO: 6 """ Remote Proxy ID %@ Remote proxy ID for IP Sec security
WIOS_SECURITYMGR association.

556. AUTH-6-INFO: 6 """ Inbound SPI: | Displays this message when the
WIOS_SECURITYMGR Outbound SPI: | Algorithm: inbound/outbound SPI for the above
IP Sec security association happens.

557. AUTH-6-INFO: 6 """ AH [%08x] | [%08x] | Authentication algorithm for the


WIOS_SECURITYMGR %s above IP Sec security association.

558. AUTH-6-INFO: 6 """ ESP [%08x] | [%08x] | ESP algorithm for the above IP Sec.
WIOS_SECURITYMGR %s%s - %s

559. AUTH-6-INFO: 6 """ IPComp [%04x] | IP Comp algorithm for the above
WIOS_SECURITYMGR [%04x] | %s IPSec security association.

560. AUTH-6-INFO: 6 """IPSec SA [Manual] IPSec security association completed.


WIOS_SECURITYMGR completed:

561. AUTH-6-INFO: 6 """ Local peer %@ Problem communicating with local


WIOS_SECURITYMGR peer during authentication attempt.

562. AUTH-6-INFO: 6 """ Remote peer %@ Problem communicating with remote


WIOS_SECURITYMGR peer during authentication attempt.

563. AUTH-6-INFO: 6 """Message: Could not Remote peer's identity could not be
WIOS_SECURITYMGR verify remote peer's identity properly identified during
authentication attempt.

AUTH-6-INFO: 6 """ User-name: %.*s User name could not be validated


WIOS_SECURITYMGR properly during authentication
attempt.

564. AUTH-6-INFO: 6 """ Message: PPP failure PPP failure during authentication
WIOS_SECURITYMGR attempt.

565. AUTH-6-INFO: 6 """ Message: Tunnel Tunnel request rejected during


WIOS_SECURITYMGR request rejected authentication attempt.

566. AUTH-6-INFO: 6 """ Reason: Out of Ran out of resources during


WIOS_SECURITYMGR resources authentication request.

567. AUTH-6-INFO: 6 """ Message: Tunnel Tunnel request aborted during


WIOS_SECURITYMGR request aborted authentication request.

568. AUTH-6-INFO: 6 """ Message: Could not PPP session could not be properly
WIOS_SECURITYMGR start PPP"") started.
Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


569. AUTH-6-INFO: 6 """ Message: Could not PPP session could not be properly
WIOS_SECURITYMGR start PPP started.

570. AUTH-6-INFO: 6 """ Message: No LAC IP LAC IP address not properly


WIOS_SECURITYMGR address negotiated negotiated during authentication
attempt.

571. AUTH-6-INFO: 6 """ Message: Could not Layer 2 rules could not be properly
WIOS_SECURITYMGR create L2TP rule generated during authentication
attempt.

572. AUTH-6-INFO: 6 """ Message: Could not add ARP entry could not be added during
WIOS_SECURITYMGR ARP entry authentication attempt.

573. AUTH-6-INFO: 6 """ PPP Authentication PPP authentication method for SA.
WIOS_SECURITYMGR method:

574. AUTH-6-INFO: 6 """ Virtual IP: %@ Virtual IP data insuffucient during


WIOS_SECURITYMGR authentication attempt.

575. AUTH-6-INFO: 6 """Message: No IKE SA No IKE negotiation during


WIOS_SECURITYMGR negotiations done authentication attempt.

576. AUTH-6-INFO: 6 """Reason: The Authentication credentials not


WIOS_SECURITYMGR authentication credentials properly specified during handshake.
were not """"specified,

577. AUTH-6-INFO: 6 """ or private key was Private key was not availabale during
WIOS_SECURITYMGR not available authentication attempt.

578. AUTH-6-INFO: 6 """ Attributes sent to client Authentication attributes have been
WIOS_SECURITYMGR sent to the client.

579. AUTH-6-INFO: 6 """XAUTH [Initiator] Authentication initiator exchange


WIOS_SECURITYMGR exchange done completed.

580. AUTH-6-INFO: 6 No IPSec rules configured Failed responder policy rule selection
WIOS_SECURITYMGR due to no IPSec rules being
configured.

581. AUTH-6-INFO: 6 Peer IP address mismatch Failed responder policy rule selection
WIOS_SECURITYMGR due to a peer IP address mismatch.

582. AUTH-6-INFO: 6 Local IP address mismatch Failed responder policy rule selection
WIOS_SECURITYMGR due to a local IP address mismatch.

583. AUTH-6-INFO: 6 Local IP address mismatch Failed responder policy rule selection
WIOS_SECURITYMGR due to a local IP address mismatch.

584. AUTH-6-INFO: 6 CA not trusted Failed responder policy rule selection


WIOS_SECURITYMGR due to a non-trusted CA.

585. AUTH-6-INFO: 6 Access group mismatch Failed responder policy rule selection
WIOS_SECURITYMGR due to access group mismatch.

586. AUTH-6-INFO: 6 Quick-Mode local ID Failed responder policy rule selection


WIOS_SECURITYMGR mismatch due to local ID mismatch.

587. AUTH-6-INFO: 6 Quick-Mode remote ID Failed responder policy rule selection


WIOS_SECURITYMGR mismatch due to remote ID mismatch.
2-42 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


588. AUTH-6-INFO: 6 Local IKE peer %s%@ ID Local device which initiates IKE
WIOS_SECURITYMGR %@ tunnel.

589. AUTH-6-INFO: 6 Remote IKE peer %s%@ ID Remote device where IKE tunnel
WIOS_SECURITYMGR %@ terminates

590. AUTH-6-INFO: 6 Initiator Cookie %@ Iniaitior cookie for IKE security


WIOS_SECURITYMGR association.

591. AUTH-6-INFO: 6 Responder Cookie %@ Responder cookie for IKE security


WIOS_SECURITYMGR association.

592. AUTH-6-INFO: 6 Invalid proposal Security association selection failure.


WIOS_SECURITYMGR Failed responder security association
selection due to invlaid proposal.

593. AUTH-6-INFO: 6 Invalid protocol Security association selection failure.


WIOS_SECURITYMGR Failed responder security association
selection due to invalid protocol.

594. AUTH-6-INFO: 6 Protocol given more than Security association selection failure.
WIOS_SECURITYMGR once Failed responder security association
selection due to protocol provided
more than once.

595. AUTH-6-INFO: 6 Invalid transform Security association selection failure.


WIOS_SECURITYMGR Failed responder security association
selection due to invlaid transform

596. AUTH-6-INFO: 6 Invalid attribute Security association selection failure.


WIOS_SECURITYMGR Failed responder security association
selection due to invalid attribute.

597. AUTH-6-INFO: 6 Mandatory attribute Security association selection failure.


WIOS_SECURITYMGR missing Failed responder security association
selection due to missing attribute.

598. AUTH-6-INFO: 6 Protocol mismatch Security association selection failure.


WIOS_SECURITYMGR Failed responder security association
selection due to protocol mismatch.

599. AUTH-6-INFO: 6 Protocol mismatch with Security association selection failure.


WIOS_SECURITYMGR NAT-T Failed responder security association
selection due to protocol mismatch.

600. AUTH-6-INFO: 6 Attribute mismatch Security association selection failure.


WIOS_SECURITYMGR Failed responder security association
selection due to attribute mismatch.

601. AUTH-6-INFO: 6 Algorithm did not match Security association selection failure.
WIOS_SECURITYMGR policy Failed responder security association
selection due to algorithm not
matching policy.

602. AUTH-6-INFO: 6 Unsupported algorithm Security association selection failure.


WIOS_SECURITYMGR Failed responder security association
selection due to unsupported
algorithm.
Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


603. AUTH-6-INFO: 6 Authentication method Security association selection failure.
WIOS_SECURITYMGR mismatch Failed responder security association
selection due to auth failure.

604. NO INFORMATION: NEED Unsupported authentication Security association selection failure.


MNEMONIC FROM method Failed responder security association
ENGINEERING selection due to unsupported auth
method.

605. AUTH-6-INFO: 6 Diffie-Hellman group Security association selection failure.


WIOS_SECURITYMGR mismatch Failed responder security association
selection due to DH group mismatch.

606. AUTH-6-INFO: 6 Unsupported Diffie-Hellman Security association selection failure.


WIOS_SECURITYMGR group Failed responder security association
selection due to supported DH group.

607. AUTH-6-INFO: 6 Address %@ Print configuration information


WIOS_SECURITYMGR

608. AUTH-6-INFO: 6 Valid %u seconds Informational logs for config mode


WIOS_SECURITYMGR attributes.

609. AUTH-6-INFO: 6 DNS %@ Informational logs for config mode


WIOS_SECURITYMGR attributes

610. AUTH-6-INFO: 6 WINS %@ Informational logs for config mode


WIOS_SECURITYMGR attributes

611. AUTH-6-INFO: 6 DHCP %@ Informational logs for config mode


WIOS_SECURITYMGR attributes

612. AUTH-6-INFO: 6 Subnet %@ Informational logs for config mode


WIOS_SECURITYMGR attributes

613. AUTH-6-INFO: 6 Encapsulation mode Security association selection failure.


WIOS_SECURITYMGR mismatch Failed responder security association
selection.

614. AUTH-6-INFO: 6 Key length mismatch Security association selection failure.


WIOS_SECURITYMGR Failed responder security association
selection.

615. AUTH-6-INFO: 6 ESP-none/none proposed Security association selection failure.


WIOS_SECURITYMGR Failed responder security association
selection.

616. AUTH-6-INFO: 6 Out of memory Security association selection failure.


WIOS_SECURITYMGR Failed responder security association
selection.

617. AUTH-6-INFO: 6 Rule not active (invalid Security association selection failure.
WIOS_SECURITYMGR interface selector?) Failed responder security association
selection.

618. AUTH-6-INFO: 6 Sequence number size Security association selection failure.


WIOS_SECURITYMGR mismatch Failed responder security association
selection.
2-44 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


619. NO INFORMATION: NEED 6 "L2TP [%s, incoming-call]
MNEMONIC FROM negotiation %s:
ENGINEERING

620. NO INFORMATION: NEED 6 "Local L2TP peer %s:%s Device where L2TP tunnel is initiated.
MNEMONIC FROM
ENGINEERING

621. NO INFORMATION: NEED 6 Remote L2TP peer %s:%s Device where L2TP tunnel is
MNEMONIC FROM terminated.
ENGINEERING

622. DAEMON-3-ERR: 3 """%s: Could not start Registration failed for any of these
WIOS_SECURITYMGR application gateway: "" services cifs, dns, ftp, netbios, sip,
""registration failed: %s. socksify or wins.

623. DAEMON-3-ERR: 3 """%s: Could not create Insufficient memory resulted in the
WIOS_SECURITYMGR application gateway: """"out failed creation of application
of memory. gateway.

624. DAEMON-3-ERR: 3 """%s: Could not create Initialization failure resulted in the
WIOS_SECURITYMGR application gateway: failed creation of application
""""initialization failed. gateway session.

625. DAEMON-3-ERR: 3 """%s: Received broken Broken configuration received.


WIOS_SECURITYMGR configuration. Ensure configuration is credible
before sending over application
gateway.

626. DAEMON-3-ERR: 3 "%s: Can't start application Application gateway could not be
WIOS_SECURITYMGR gateway: " started due to failed registration.
"registration failed; reason
%s.""

627. DAEMON-3-ERR: 3 """%s: Can't create Insufficeint space to create


WIOS_SECURITYMGR application gateway: no application gateway.
space.

628. DAEMON-3-ERR: 3 """%s: Can't create Application gateway session could


WIOS_SECURITYMGR application gateway: """"no not be created. Ensure enough space
space for connection exists interoperation over gateway.
container.

629. NO INFORMATION: NEED 3 """%s: Could not decode Configuration data could not be
MNEMONIC FROM configuration data """"for decoded. Validate the configuration
ENGINEERING service %u and try again.

630. DAEMON-3-ERR: 3 """%s: Can't start Application gateway could noty be


WIOS_SECURITYMGR application gateway: started.
""""registration failed;
reason %s.

631. DAEMON-3-ERR: 3 """Rejecting IPSec SA IPSec security association rejected.


WIOS_SECURITYMGR delete notification """"from
%s%@ since it was or
protocol %s
Syslog Messages & MU Disassociation

Number Mnemonic Severity Syslog Message Meaning / Cause


632. DAEMON-3-ERR: 3 "Rejecting IPSec SA delete Delete notification received for
WIOS_SECURITYMGR notification " rejected security association. SPI size
“from %s%@ since the SPI does not match expected value.
size %d does not match
""the expected value 4"

633. DAEMON-3-ERR: 3 """Invalid protocol %s Non-compliant protocol received for


WIOS_SECURITYMGR received for selected SA when installing security association.
""""when installing Phase-2
Quick-Mode SA

634. DAEMON-3-ERR: 3 """Could not export IKE SA IKE information within a security
WIOS_SECURITYMGR association could not be exported.

635. DAEMON-3-ERR: 3 """Could not save IKE SA IKE information within a security
WIOS_SECURITYMGR `%s association could not be saved.

636. DAEMON-3-ERR: 3 """Could not remove IKE SA IKE information within a security
WIOS_SECURITYMGR `%s association could not be removed.

637. DAEMON-3-ERR: 3 """Could not open persistent Persistent security association


WIOS_SECURITYMGR SA directory `%s directory could not be opened.

638. DAEMON-3-ERR: 3 " ""Could not read IKE SA An IKE security association could not
WIOS_SECURITYMGR `%s'” be read.

639. DAEMON-3-ERR: 3 """Could not import IKE SA An IKE security association could not
WIOS_SECURITYMGR `%s be imported.

640. DAEMON-3-ERR: 3 """Could not allocate IKE SA An IKE security association could not
WIOS_SECURITYMGR `%s be allocated.

641. DAEMON-3-ERR: 3 """Rule commit failed User access rule could not be
WIOS_SECURITYMGR established. The rule could not be
permitted.

642. DAEMON-3-ERR: 3 """Removing of unused rules Switch attemoted and failed to


WIOS_SECURITYMGR failed remove user access permissions that
were not being used. Review user
access policies and amend as
needed.

643. DAEMON-5-NOTICE: 5 """%s: Shutting down. Switch shutting down.


WIOS_SECURITYMGR

644. DAEMON-5-NOTICE: 5 %s: Application gateway Application gateway has started.


WIOS_SECURITYMGR started. Informational message only.

645. DAEMON-5-NOTICE: 5 Cannot set session Session identifier ID could not be


WIOS_SECURITYMGR identifier for background established..
process. "
"Operation (setsid) failed
with error: %.100s
2-46 WS 5100 Series Switch Troubleshooting Guide

Number Mnemonic Severity Syslog Message Meaning / Cause


647. DAEMON-5-NOTICE: 5 Remote L2TP Layer 2 error generated as a result of
WIOS_SECURITYMGR implementation (Vendor unknown vendor name not matching
Name `%.*s') is ""not RFC 2661 standard.
standard-compliant: " "the
Mandatory bit (%s) of the
AVP `%s' (%d) " "does not
match RFC 2661

648. DAEMON-6-INFO: 6 """%s: Can't copy NetBIOS NOT SUPPORTED.


WIOS_SECURITYMGR scope ID; reason: ""

649. DAEMON-6-INFO: 6 %s: Can't serve connection; Existing space does not permit
WIOS_SECURITYMGR reason: no space. updates to configuration. Space must
be freed to make requested update.

650. DAEMON-6-INFO: 6 Lifetime: %u kilobytes, %u Lifetime of the IP Sec SA in both


WIOS_SECURITYMGR seconds kilobytes and seconds.

651. DAEMON-6-INFO: 6 Lifetime: %u seconds Lifetime of the IP Sec SA in seconds


WIOS_SECURITYMGR

652. DAEMON-6-INFO: 6 Lifetime: %u kilobytes Lifrtime of the IP Sec SA in kilobytes


WIOS_SECURITYMGR

654. DAEMON-6-INFO: 6 "The PPP implementation of PPP support mis-match between


WIOS_SECURITYMGR the remote L2TP client "" switch and client. Ensure the selected
""(Vendor Name `%.*s') switch authentication method is
does not handle PPP "" supported on client and try again.
""authentication method
negotiation correctly: ""
disabling EAP

655. DAEMON-2-CRIT: 2 "service %s: insufficient Existing memory space does not
WIOS_SECURITYMGR memory available, "" permit updates to configuration.
""unable to apply new Memory space must be freed to make
configuration requested update.

656. DAEMON-2-CRIT: 2 "service %s: internal error, This error message occurs when
WIOS_SECURITYMGR could not "" ""unmarshal security manager encounters a failure
configuration! while unmarshalling a configuration
for application gateways.

657. DAEMON-2-CRIT: 2 "registering HTTP APPGW HTTP gateway failure. Re-establish


WIOS_SECURITYMGR failed: %s HTTP connection.

658. DAEMON-4-WARNING: 4 """No IKE logging enabled. Login not enabled for IKE negotiation.
WIOS_SECURITYMGR The system has not ""
""been compiled with `--
enable-debug'.

2.2 MU Dissasociation Codes


The following table provides reason codes for 802.11 mobile unit disassociation.
Syslog Messages & MU Disassociation

ID 802.11 or Motorola/WPA Reason Code Description

0 REASON_CODE_80211_SUCCESS Reserved internally to indicate


success.

1 REASON_CODE_80211_UNSPECIFIED_ERROR Unspecified reason.

3 DISASSOCIATION_REASON_CODE_STATION_LEAVING_ESS Deauthenticated because


sending station has left or is
leaving IBSS or ESS.

4 DISASSOCIATION_REASON_CODE_INACTIVITY Disassociated due to inactivity.

5 DISASSOCIATION_REASON_CODE_STATION_LIMIT_EXCEEDED Disassociated because AP is


unable to handle all currently
associated stations.

6 DISASSOCIATION_REASON_CODE_CLASS_2_PKT_FROM_NON_AUTH Class 2 frame received from non-


authenticated station.

7 DISASSOCIATION_REASON_CODE_CLASS_3_PKT_FROM_NON_ASSOC Class 3 frame received from non-


associated station.

8 DISASSOCIATION_REASON_CODE_STATION_LEAVING_BSS Disassociated because sending


station has left or is leaving BSS.

9 DISASSOCIATION_REASON_CODE_STATION_NOT_AUTHENTICATED Station requesting re-association


is not authenticated with
responding station.

13 DISASSOCIATION_REASON_CODE_INVALID_INFORMATION_ELEMENT Invalid information element.

14 DISASSOCIATION_REASON_CODE_MIC_FAILURE MIC failure.

15 DISASSOCIATION_REASON_CODE_4WAY_HANDSHAKE_TIMEOUT 4-way handshake timeout.

16 DISASSOCIATION_REASON_CODE_GROUP_KEY_UPDATE_TIMEOUT Group key update timeout.

17 DISASSOCIATION_REASON_CODE_4WAY_IE_DIFFERENCE Information element in 4-way


handshake different from
associated request/probe
response/beacon.

18 DISASSOCIATION_REASON_CODE_MULTICAST_CIPHER_INVALID Multicast cipher is not valid.

19 DISASSOCIATION_REASON_CODE_UNICAST_CIPHER_INVALID Unicast cipher is not valid.

20 DISASSOCIATION_REASON_CODE_AKMP_NOT_VALID AKMP is not valid.

21 DISASSOCIATION_REASON_CODE_UNSUPPORTED_RSNE_VERSION Unsupported RSN IE version.

22 DISASSOCIATION_REASON_CODE_INVALID_RSNE_CAPABILITIES Invalid RSN IE capabilities.

23 DISASSOCIATION_REASON_CODE_8021X_AUTHENTICATION_FAILED IEEE 802.1X authentication failed.


2-48 WS 5100 Series Switch Troubleshooting Guide

ID 802.11 or Motorola/WPA Reason Code Description

44 DISASSOCIATION_REASON_CODE_PSP_TX_PKT_BUFFER_EXCEEDED Motorola defined (non-802.11


standard) code. The switch has
exceeded its time limit in
attempting to deliver buffered
PSP frames to the mobile unit
without receiving a single 802.11
PS poll or NULL data frame. The
switch begins the timer when it
sets the mobile unit’s bit in the
TIM section of the 802.11 beacon
frame for the BSS. The time limit
is at least 15 seconds. The mobile
unit is probably gone (or may be
faulty).

77 DISASSOCIATION_REASON_CODE_TRANSMIT_RETRIES_EXCEEDED Motorola defined (non 802.11


standard) codes. The switch has
exceeded its retry limit in
attempting to deliver a 802.1x
EAP message to the mobile unit
without receiving a single 802.11
ACK. The retry limit varies
according to traffic type but is at
least 64 times. The mobile unit is
either gone or has incorrect
802.1x EAP authentication
settings.
Security Issues

This chapter describes the known troubleshooting techniques for the following data protection activities:
• Switch Password Recovery
• RADIUS Authentication
• Rogue AP detection
• Firewall configuration
3-2 WS5100 Series Switch Troubleshooting Guide

3.1 Switch Password Recovery


If the switch Web UI password is lost, you cannot get passed the Web UI login screen for any viable switch
configuration activity. Consequently, a password recovery login must be used that will default your switch
back to its factory default configuration.
To access the switch using a password recovery username and password:

CAUTION Using this recovery procedure erases the switch’s current configuration and
! data files from the switch /flash dir. Only the switch’s license keys are retained.
You should be able to log in using the default username and password (admin/
superuser) and restore the switch’s previous configuration (only if it has been
exported to a secure location before the password recovery procedure was
invoked).

1. Connect a terminal (or PC running terminal emulation software) to the serial port on the front of the
switch.
The switch login screen displays. Use the following CLI command for normal login process:
WS5100 login: cli

2. Enter a password recovery username of restore and password recovery password of


restoreDefaultPassword.
User Access Verification

Username: restore

Password: restoreDefaultPasword

WARNING: This will wipe out the configuration (except license key) and user
data under "flash:/" and reboot the device

Do you want to continue? (y/n):


3. Press Y to delete the current configuration and reset factory defaults.
The switch will login into the Web UI with its reverted default configuration. If you had exported the
switch’s previous configuration to an external location, it now can be imported back to the switch.

3.2 RADIUS Troubleshooting


The issues defined in this section have the following troubleshooting workarounds:
Radius Server does not start upon enable
Ensure the following have been attempted:
• Import valid server and CA certificates
• Add a Radius client in AAA context
• Ensure that key password in AAA/EAP context is set to the key used to generate imported certificates
• DO NOT forget to SAVE!
Security Issues 3-3

Radius Server does not reply to my requests


Ensure the following have been attempted:
• Add a Radius client in AAA configuration with NIC1/NIC2 IP address
• Save the current configuration
• Ensure that Security Policy is configured for this RADIUS server.
Radius Server is rejecting the user
Ensure the following have been attempted:
1. Verify a SAVE was done after adding this user.
2. Is the user present in a group?
• If yes, check if the WLAN being accessed is allowed on the group
• Check if time of access restrictions permit the user.
Time of Restriction configured does not work
Ensure the following have been attempted:
• Ensure date on the system matches your time
Authentication fails at exchange of certificates
Ensure the following have been attempted:
• Verify that valid certificates were imported.
• If the Supplicant has "Validate Server Certificate" option set, then make sure that the right certificates
are installed on the MU.
When using another WS5100 (switch 2) as RADIUS server, access is rejected
Ensure the following have been attempted:
• Make sure that the user, group and access policies are properly defined on switch 2.
• Add a AAA client on switch 2 with NIC2 IP address of switch 1
• Save the current configuration
Authentication using LDAP fails
Ensure the following have been attempted:
• Is LDAP server reachable?
• Have all LDAP attributes been configured properly?
• Dbtype must be set to LDAP in AAA configuration
• Save the current configuration
VPN Authentication using onboard RADIUS server fails
Ensure the following have been attempted:
• Ensure that the VPN user is present in AAA users
• This VPN user MUST NOT added to any group.
• Save the current configuration
3-4 WS5100 Series Switch Troubleshooting Guide

Accounting does not work with external RADIUS Accounting server


Ensure that accounting is enabled.
• Ensure the RADIUS Accounting server is reachable
• Verify the port number being configured on accounting configuration matches that of external the
RADIUS Accounting Server
• Verify the shared secret being configured on accounting configuration matches that of the external
RADIUS Accounting Server

3.2.1 Troubleshooting RADIUS Accounting Issues


Use the following guidelines when configuring RADIUS Accounting:
1. The RADIUS Accounting records are supported only for clients performing 802.1X EAP based
authentication.
2. The user name present in the accounting records, could be that of the name in the outer tunnel in
authentication methods like: TTLS, PEAP.
3. If the switch crashes for whatever reason, and there were active EAP clients, then there would be no
corresponding STOP accounting record.
4. If using the on-board RADIUS Accounting server, one can delete the accounting files, using the 'acct
purge' command in the AAA context.
5. If using the on-board RADIUS Accounting server, the files would be logged under the: /usr/var/log/
radius/radacct/<clientIP>
In this case, the <clientIP> is the SRC IP used to send across the accounting packets in the CellController.
Typically, this depends on the IP of the Radius Accounting Server, and the CC binds to the interface, over
which the UDP packet would go out (based on the routing tables).

3.3 Rogue AP Detection Troubleshooting


Motorola recommends adhereing to the following guidelines when configuring Rogue AP detection:
1. Basic configuration required for running Rogue AP detection:
• Enable any one of the detection mechanism.
• Enable rogueap detection global flag.
2. After enabling rogueap and a detection mechanism, look in the roguelist context for detected APs. If no
entries are found, do the following:
• Check the global rogueap flag by doing a show in rogueap context. It should display Rogue AP status
as "enable" and should also the status of the configured detection scheme.
• Check for the AP flag in rulelist context. If it is set to "enable", then all the detected APs will be
added in approved list context.
• Check for Rulelist entries in the rulelist context. Verify it does not have an entry with MAC as
"FF:FF:FF:FF:FF:FF" and ESSID as "*"
3. If you have enabled AP Scan, ensure that at least a single radio is active. AP scan does not send a scan
request to an inactive or unavailable radio.
Security Issues 3-5

4. Just enabling detectorscan will not send any detectorscan request to any adopted AP. User should also
configure at least a single radio as a detectorAP. This can be done using the set detectorap command in
rogueap context.

3.4 Troubleshooting Firewall Configuration Issues


Motorola recommends adhereing to the following guidelines when dealing with problems related to
WS5100 Firewall configuration:
A Wired Host (Host-1) or Wireless Host (Host-2) on the untrusted side is not able to
connect to the Wired Host (Host-3) on the trusted side
1. Check that IP Ping from Host1/Host2 to the Interface on the Trusted Side of the WS5100 switch works.
CLI (from any context) - ping <host/ip_address>
2. If it works then there is no problem in connectivity.
3. Check whether Host-1/Host-2 and Host-3 are on the same IP subnet.
If not, add proper NAT entries for configured LANs under FireWall context.
4. After last step, check again, that IP Ping from Host1 to the Interface on the Trusted Side of the WS5100
switch works.
If it works then problem is solved.
A wired Host (Host-1) on the trusted side is not able to connect to a Wireless Host (Host-
2) or Wired Host (Host-3) on the untrusted side
1. Check that IP Ping from Host1 to the Interface on the Untrusted Side of the switch works.
2. If it works then there is no problem in connectivity.
3. Now check whether Host-1 and Host-2/Host-3 are on the same IP subnet.
If not, add proper NAT entries for configured LANs under FireWall context.
4. Once step 3 is completed, check again, that IP Ping from Host1 to the Interface on the Untrusted Side of
the switch works.
If it works then problem is solved.
Disabling of telnet, ftp and web traffic from hosts on the untrusted side does not work.
1. Check the configuration for the desired LAN under FW context (which is under configure context).
CLI - configure fw <LAN_Name>
2. Check whether ftp, telnet and web are in the denied list. In this case, web is https traffic and not http.
3. Ensure that "network policy" and "Ethernet port" set to the LAN is correct.
How to block the request from host on untrusted to host on trusted side based on packet
classification.
1. Add a new Classification Element with required Matching Criteria
2. Add a new Classification Group and assigned the newly created Classification Element. Set the action
required.
3. Add a new Policy Object. This should match the direction of the packet flow i.e. Inbound or Outbound.
4. Add the newly created PO to the active Network Policy.
3-6 WS5100 Series Switch Troubleshooting Guide

5. Associate WLAN and Network Policy to the active Access Port Policy.
Any request matching the configured criteria should take the action configured in the Classification
Element.
Network Events and Kern Messages

This chapter includes two network event tables to provide detailed information and understanding of
potential network events. These tables are:
• Table 4.1, Network Event Message/Parameter Description Lookup
• Table 4.2, Network Event Course of Action Lookup on page 4-6
Table 4.1 Network Event Message/Parameter Description Lookup

ID Event Message Parameters


0 License number Changed license level from <XX> license XX = previous license number (an integer)
change number access ports to <YY> number YY = new license number (an integer)
access ports.

1 Clock change The Wireless Switch clock was changed XX = + or -


<XX>/ <YY> seconds. YY = offset in seconds (an integer)

2 Packet discard Discarded Packet: Wrong NIC <XX> <XX> vs XX = Ethernet port that received the
[wrong NIC] <YY> from access port ZZ. packet = 1 or 2
YY = Ethernet Port that the access port
was adopted from = 1 or 2
ZZ = MAC (xx:xx:xx:xx:xx:xx) address of
the Access Port

3 Packet discard Discarded Packet: Wrong VLAN <XX> <XX> XX = VLAN that received the packet (an
[wrong VLAN] vs <YY> from access port <ZZ>. integer).
YY = VLAN the access port was adopted
from (an integer).
ZZ = MAC (xx:xx:xx:xx:xx:xx) address of
the access port.

4 AP adopt failure Adoption <XX> failed. The MAC address XX = MAC (xx:xx:xx:xx:xx:xx) address of
[general] has been used by an existing access port. the radio or access port.

5 AP adopt failure Access port policy prevented port with MAC XX = MAC (xx:xx:xx:xx:xx:xx) address of
[policy disallow] <XX> from being adopted. the access port.

6 AP adopt failure This event and message is currently not Not applicable.
[acl disallow] configured. It will be configured in the next
service release.
4-2 WS5100 Series Switch Troubleshooting Guide

Table 4.1 Network Event Message/Parameter Description Lookup (Continued)

ID Event Message Parameters


7 AP adopt failure Access port <XX> was not adopted because XX = MAC (xx:xx:xx:xx:xx:xx) address of
[limit exceeded] maximum limit has been reached. the access port.

8 AP adopt failure License denied access port <XX> adoption. XX = MAC (xx:xx:xx:xx:xx:xx) address of
[license disallow] Maximum access ports allowed with the access port.
current license = <YY>. YY = License Level (integer).

9 AP adopt failure Access port with MAC <XX> can not be XX = MAC (xx:xx:xx:xx:xx:xx) address of
[no image] adopted because no valid firmware image the access port.
file can be found.

10 AP status [offline] Access port <XX> with MAC address <YY> XX = Name (string) of the access port.
is unavailable. <YY> = MAC (xx:xx:xx:xx:xx:xx) address of
the access port.

Taking access port <XX> with MAC address XX = Name (string) of the access port.
<YY> offline. <YY> = MAC (xx:xx:xx:xx:xx:xx) address of
the access port.

11 AP status [alert] Access port <XX> with MAC address <YY> XX = Access port name (string).
is in Alert status due to country not set. YY = Access port MAC (xx:xx:xx:xx:xx:xx)
address.

Access port <XX> with MAC address <YY> XX = Access port name (string)
is in Alert status. <YY> = Access port MAC
(xx:xx:xx:xx:xx:xx) address.

12 AP status Adopted an access port <XX>. XX = MAC (xx:xx:xx:xx:xx:xx) address of


[adopted] the access port.

Radio <XX> with Mac <YY> is adopted. XX = Access port name (string).
YY = MAC (xx:xx:xx:xx:xx:xx) address of
the access port.

13 AP status [reset] Radio <XX> with MAC <YY> was reset. XX = Name (string) of the radio.
YY = MAC (xx:xx:xx:xx:xx:xx) address of
the radio.

Reset the access port <XX>. XX = MAC (xx:xx:xx:xx:xx:xx) address of


the access port.

14 AP config failed Radio <XX> <YY> no ESS - configuration XX = Name (string) of the radio.
[wrong ESS] FAIL. YY = MAC (xx:xx:xx:xx:xx:xx) address of
the radio.

15 AP max MU count MUs for this RF port are over margin: <XX>. XX (integer ) = Number of MUs associated
reached to this access port.

16 AP detected Detected a new access port <XX>. XX = MAC (xx:xx:xx:xx:xx:xx) address of


the access port.
Network Events and Kern Messages 4-3

Table 4.1 Network Event Message/Parameter Description Lookup (Continued)

ID Event Message Parameters


17 Device msg Dropping DeviceInfo message from <XX> XX = MAC (xx:xx:xx:xx:xx:xx) address of
dropped [info] whose parent is <YY>. the access port.
debug YY = MAC (xx:xx:xx:xx:xx:xx) address of
the switch to which the access port is
adopted.

18 Device msg Dropping Loadme message from <XX> XX = MAC (xx:xx:xx:xx:xx:xx) address of
dropped [loadme] whose parent is <YY>. the access port.
YY = MAC (xx:xx:xx:xx:xx:xx) address of
the switch to which the access port is
adopted.

19 Ether port Ethernet Port <XX> is connected. XX = Ethernet port number 1 or 2.


connected

20 Ether port Ethernet port <XX> disconnected. XX = Ethernet port number 1 or 2.


disconnected

21 MU assoc failed ACL denied MU (XX) association. XX = MU MAC (xx:xx:xx:xx:xx:xx) address.


[ACL violation]

22 MU assoc failed Access port refused MU <XX> association. XX = Wireless client MAC
Error <YY>. (xx:xx:xx:xx:xx:xx) address.
<YY> = Reason code number (integer).

23 MU status Mobile Unit <XX> was associated to access XX = MAC (xx:xx:xx:xx:xx:xx) address of
[associated] port <YY>. the MU.
YY = Name (string) of the access port.

24 MU status Mobile Unit <XX> with MAC <YY> roamed XX = Name (string) of the MU.
[roamed] from access port <ZZ> to (Name of the YY = MAC (xx:xx:xx:xx:xx:xx) address of
access port to which the Mobile Unit the MU.
roamed).
ZZ = Name (string) of the access port the
MU roamed from.

25 MU status Mobile Unit <XX> with MAC address <YY> XX = Name (string) of the mobile unit.
[disassociated] was disassociated. Reason code <ZZ>. YY = MAC (xx:xx:xx:xx:xx:xx) address of
the mobile unit.
ZZ = Reason (integer) code number.

26 MU EAP auth MU <XX> failed to authenticate with XX = MAC (xx:xx:xx:xx:xx:xx) address of


failed RADIUS server. the mobile unit.

27 MU EAP auth Mobile unit <XX> successfully XX = MAC (xx:xx:xx:xx:xx:xx) address of


success authenticated with EAP type <YY>, the mobile unit.
authentication valid for <ZZ> minutes. YY = EAP (integer) type
ZZ = number (integer) of minutes.
4-4 WS5100 Series Switch Troubleshooting Guide

Table 4.1 Network Event Message/Parameter Description Lookup (Continued)

ID Event Message Parameters


28 MU Kerberos auth MUs failed to authenticate with the KDC at [MAC address of MU]
failed <MU_MAC_address> (Error code <code>). [MAC xx:xx:xx:xx:xx of Radius server]
[port on Radius server]
[radius error code]

29 MU Kerberos auth MUs failed authentication via Kerberos. [MAC address of MU]
success [Error code <code>] [Radius error code]
Mobile Unit with MAC [MAC address of MU]
<MU_MAC_address> successfully
[# minutes authentication is valid for].
authenticated via Kerberos - authentication
expires in <#> minutes.

30 MU TKIP [decrypt MU <MU_MAC_address> has high decrypt [MAC address of MU (in 6 octets)]
failure] failure rate.

31 MU TKIP [replay MU <MU_MAC_address> has high replay [MAC address of MU (in 6 octets)]
failure] failure rate.

32 MU TKIP [MIC MIC validation failed for MU %s on ESS [MAC address of MU]
error] <ID>. [ESSID with which MU is associated]

33 WLAN auth "WLAN <WLAN_name> (ESS <ESS ID>) [WLAN name]


success successfully authenticated with KDC at [ESSID]
<KDC MAC_address><KDC port>.
[MAC xx:xx:xx:xx:xx of KDC server]
[port on KDC server]

34 WLAN auth failed WLAN <WLAN name> (ESS <ID>) could not [WLAN name]
be authenticated with KDC at <KDC MAC [ESSID]
address> <port> after <#> attempts - still
[MAC xx:xx:xx:xx:xx of KDC server]
trying...
[port on KDC server]
[number of attempts]

35 WLAN max MU ACL denied MU (%s) association. [MAC address of MU]


count reached

36 Mgt user auth GUI/CLI User userid Authentication Failure: userid = string
failed [radius] User userid rejected by Radius server RADIUS server hostname/IP address =
RADIUS server hostname/IP address. string

37 Mgt user auth NOT USED


rejected

38 Mgt user auth User userid authenticated locally. userid = string


success [radius] User userid successfully authenticated by RADIUS server hostname/IP address =
Radius server RADIUS server hostname/IP string
address.

39 Radius server Radius server %s is unreachable. [radius server name]


timeout
Network Events and Kern Messages 4-5

Table 4.1 Network Event Message/Parameter Description Lookup (Continued)

ID Event Message Parameters


40 KDC user [added] Adding KDC User:<username> [user name][
time:<timestamp>. timestamp]

41 KDC user Changed KDC User:<username> [user name]


[changed] time:<timestamp>. [timestamp]

42 KDC user [deleted] Removed KDC User:<username> [user name]


time:<timestamp>. [timestamp]

43 KDC DB replaced Replaced KDC DB:Modified Locally.


Replaced KDC DB:Modified by SEMM.

44 KDC propagation KDC Propgation fails on host (<host name>). [host-name]


failure KDC Propgation fails!

45 WPA counter- Began WPA counter-measures for WLAN [name of WLAN]


measures [active] <WLAN name> (ESS <ESS ID>). [ESSID]

46 Primary lost Primary lost heartbeat(s).


heartbeat

47 Standby active Fail-over took place, Standby machine is


now in Active state.

48 Primary internal Primary internal failure, Resetting.


failure [reset]

49 Standby internal Standby internal failure, Resetting.


failure [reset]

50 Standby auto- Standby Auto Reverting


revert

51 Primary auto-revert Primary Auto Reverting

52 Auto channel ACS failed to find a valid channel, err [Channel#]


select error <channel #>. MAC address of the access port =
ACS failed to find a valid channel. Reusing xx:xx:xx:xx:xx:xx
existing channel <channel #>. Channel = integer
ACS success. Setting radio MAC address of
the access port to channel.

53 Emergency Policy Emergency Switch Policy Emergency Switch Emergency Switch Policy = string
[active] Policy is activated.

54 Emergency Policy Emergency Switch Policy Emergency Switch Emergency Switch Policy = string
[deactivated] Policy is deactivated. [previous de-activated policy name]
"Emergency Switch Policy %s is
deactivated."

55 Low flash space on Found disk=”<percent disk spaced used>” percent disk spaced used = decimal
switch-alert USED disk-space - VACUUMing Database in (xx.xx)
5 secs to free-up space
4-6 WS5100 Series Switch Troubleshooting Guide

Table 4.1 Network Event Message/Parameter Description Lookup (Continued)

ID Event Message Parameters


56 Miscellaneous Internal Failure, out of ethernet buffers.
debug events The license key on a WS-Lite cannot be
KerberosWlanAuth upgraded.
Operation::OnStart WSLiteValidation:FAILURE:%s is invalid [XML error string(if any)]
() %d-port license for WS-Lite. [number of radios (APs) in-use]
RADIO_TYPE_FH EtherPortManager::EnsureNoCollisions(FO
!= pRadio- UND PROBLEM: %s). [string containing explanation of collision
>GetType()
Etherport policies \"%s\" and \"%s\" are on in policy]
NULL == pCountry- the same subnet(%d). " [policy name] [policy
>GetFHInfo() name]
CWlan::KerberosCl Began authentication process for WLAN %s
ientAuth() (ESS %s) with KDC %lu.%lu.%lu.%lu..."
[WLAN name][ESSID string][KDC MAC].
"Mobile Unit \"%s\" successfully
authenticated with %s" (+) ", authentication
valid for %d minutes" (or) ", no re-
authentication period set" [MAC of
MU][EAP type][# of minutes]
"No valid channel for 802.11%s radio.
Adoption is denied." [type of radio (“A” or
“B” or “FH”)]
"No valid country info for 802.11%s radio.
Adoption is denied." [type of radio (“A” or
“B” or “FH”)]
"Began authentication process for WLAN
%s (ESS %s) with KDC '%s'... [name of
WLAN][ESSID][KDC Server Hostname]
"End WPA counter-measures for WLAN %s
(ESS %s)" [name of WLAN][ESSID]

Table 4.2 provides a list of the same events shown in Table 4.1 , but with additional information and
suggestive actions to resolve or understand an event.
Table 4.2 Network Event Course of Action Lookup

ID Event Description Possible Course of Action


0 License number A license key was entered to change the number This event can only occur by entering
change of access ports the switch can adopt. a license key.

1 Clock change The date/time setting was changed on the This event can only occur by
switch changing the date/time.
Network Events and Kern Messages 4-7

Table 4.2 Network Event Course of Action Lookup (Continued)

ID Event Description Possible Course of Action


2 Packet discard When an access port is adopted, the switch The access port may have been
[wrong NIC] remembers which Ethernet port the access port removed and reconnected to another
was adopted from. The switch will only accept part of the network that is connected
data from that access port through the Ethernet to the other Ethernet port of the
port which it was adopted from. If the switch switch. Or, the access port’s logical
receives data from that access port on another connection to the network has
Ethernet port, it will be discarded. changed, causing it to be connected
to the other Ethernet port of the
switch. If this is intentional, the
access port must first be removed
from the switch and readopted
through the new Ethernet port. If this
is unintentional, reconnect the
access port to the Ethernet port that
it was adopted through.

3 Packet discard If an Ethernet port is configured for 802.1q The access port may have been
[wrong VLAN] trunking when an access port is adopted, the removed and reconnected to another
switch remembers which VLAN the access port part of the network that is connected
was adopted from. The switch will only accept to the other Ethernet port of the
data from that access port through the VLAN switch. Or, the access port’s logical
which it was adopted from. If the switch receives connection to the network has
data from that access port on another VLAN, it changed, causing it to be connected
will be discarded. to the other Ethernet port of the
switch. If intentional, the access port
must be removed from the switch
and readopted through the new
Ethernet port. If unintentional,
reconnect the access port to the
Ethernet port that it was adopted
through.

4 AP adopt failure An access port’s request to be adopted has been Confirm that there are actually two
[general] rejected because there is already another access access ports with the same MAC
port with the same MAC address currently active address and contact Motorola
on the switch. Customer Support.

5 AP adopt failure An access port’s request to be adopted has been If the switch is to adopt the access
[policy disallow] rejected because the Switch is configured to port, either manually adopt it by
deny adoption of access ports. including it in the “include list” of the
adoption list or by configuring the
Switch to “allow adoption” of access
ports.

6 AP adopt failure The access port’s request for adoption was If the switch is to adopt the access
[acl disallow] rejected because the access port is in the port, remove the access port from the
exclude list of the adoption list. “exclude list” of the adoption list.

7 AP adopt failure Switch ran out of licenses or, albeit unlikely, the There are more AP devices than there
[limit exceeded] switch ran out of memory to create a radio- are licenses. Either remove the extra
object. APs or purchase more licenses.
4-8 WS5100 Series Switch Troubleshooting Guide

Table 4.2 Network Event Course of Action Lookup (Continued)

ID Event Description Possible Course of Action


8 AP adopt failure Switch ran out of licenses and could not adopt There are more AP devices than there
[license disallow] this AP. are licenses. Either remove the extra
APs or purchase more licenses.

9 AP adopt failure It seems that the switch does not have a valid AP From your Web UI, go to “System
[no image] image firmware file to download onto the AP. Settings > Firmware Management >
Available Images…” and make sure
there is an image for AP’s model.

10 AP status [offline] • This access port has been unavailable for a Unavailable means that the switch
long time. has not been able to communicate
• The status of this access port has changed to with this access port for more than
Unavailable. 10 seconds.

11 AP status [alert] The status of the access port has changed to • The country code for the Switch
Alert. has to be set to something other
than “None” (default) before an
access port can be adopted. Until
then, all access ports will be at
“Alert” status.
• The access port needs attention.
Look for other Event Notification
messages for details.
12 AP status The status of the access port has changed to
[adopted] Alert.

13 AP status [reset] Lost heartbeat.

14 AP config failed There are no in-use WLANs configured on this This access port will have an Alert
[wrong ESS] switch. status until it is configured with an
Access Port Policy with a valid
WLAN. If the WLAN is using
Kerberos security, check that the
WLAN is authenticated by the KDC.

15 AP max MU count An access port has reached the maximum limit of When the limit has been reached, the
reached 128 MUs which can associate to a single access access port will not allow any
port. additional MUs to associate.

16 AP detected A new access port was detected.

17 Device msg A DEVICEINFO message is received from an AP There may be multiple Primary and
dropped [info] (with the AP configuration), but the AP claims to Active WS5100s on the same
have another switch as parent. physical subnet. Either remove the
extra switches or configure them for
“Hot Standby” operation.

18 Device msg A LOADME request is received from an AP (a There may be multiple Primary and
dropped [loadme] WSAP-50xx), but the AP claims to have another Active WS5100s on the same
switch as parent. physical subnet. Either remove the
extra switches or configure them for
“Hot Standby” operation.
Network Events and Kern Messages 4-9

Table 4.2 Network Event Course of Action Lookup (Continued)

ID Event Description Possible Course of Action


19 Ether port A previously disconnected Ethernet port was re- If you see excessive amounts of this
connected connected. message you may have a cable or
switch hardware problem.

20 Ether port A previously connected Ethernet port was If you see excessive amounts of this
disconnected disconnected. message you may have a cable or
switch hardware problem.

21 MU assoc failed This MU was rejected as it requested to If this is not intentional check your
[ACL violation] associate to the WLAN with an Access Control Access Control List and make sure
List. this MAC address is not rejected by
policy.

22 MU assoc failed This message cannot be due to REASON CODE Either incorrect security policy is
80211 STATION LIMIT EXCEEDED applied or policy is configured
incorrectly.

23 MU status A MU associated to an access port. None


[associated]

24 MU status A MU roamed from to another access port. Refer to reason codes table for an
[roamed] explanation.

25 MU status A MU disassociated from an access port.


[disassociated]

26 MU EAP auth A MU EAP authentication request failed. Invalid username or password. Login
failed again.

27 MU EAP auth A MU EAP authentication request succeeded.


success

28 MU Kerberos auth A MU Kerberos authentication request failed


failed

29 MU Kerberos auth A MU Kerberos authentication request


success succeeded.

30 MU TKIP [decrypt The switch has encountered high levels of This could be suspicious. If this is a
failure] sequential decrypt failures with this MU. known MU, it should be re-
associated.

31 MU TKIP [replay The switch has encountered high levels of


failure] sequential decrypt failures with this MU.

32 MU TKIP [MIC This MU has failed a MIC encryption. This could


error] potentially be an attempt to break security. If this
is detected twice within 60 seconds, the switch
will implement WPA countermeasures.

33 WLAN auth
success

34 WLAN auth failed


4-10 WS5100 Series Switch Troubleshooting Guide

Table 4.2 Network Event Course of Action Lookup (Continued)

ID Event Description Possible Course of Action


35 WLAN max MU This is an incorrect message. It is not really the
count reached ACL that denied association; it is really that the
802.11 limit has been exceeded.

36 Mgt user auth Management user not authenticated on the


failed [radius] switch’s local user database.
Management user not authenticated on the
remote RADIUS server database.

37 Mgt user auth [UNUSED]


rejected

38 Mgt user auth Management user successfully authenticates on


success [radius] the switch’s local user database.
Management user successfully authenticates on
the remote RADIUS user database.

39 Radius server Check your Radius server


timeout configuration on the switch.

40 KDC user [added]

41 KDC user
[changed]

42 KDC user [deleted]

43 KDC DB replaced

44 KDC propagation Host name is unknown.


failure

45 WPA counter- The switch will be “down” for a short length of


measures [active] time and then come back up to re-associate
MUs.

46 Primary lost The Primary switch in Standby mode did not If this event occurs but failover does
heartbeat receive monitoring heartbeats from the Standby not occur, then there is possible
switch. congestion on the network causing
the heartbeats to be lost. Also, look
for other events prior to the lost
heartbeats that might indicate a
problem, such as Ethernet port
disconnected.

47 Standby active The Standby switch has changed its state from A failover has occurred.
Monitoring to Active.

48 Primary internal
failure [reset]

49 Standby internal
failure [reset]
Network Events and Kern Messages 4-11

Table 4.2 Network Event Course of Action Lookup (Continued)

ID Event Description Possible Course of Action


50 Standby auto- The Standby switch is auto-reverted from Active
revert to Monitoring. This event is reported by the
Standby switch.

51 Primary auto-revert The Primary wireless switch is auto-reverted


from Halted to Connected. This event is reported
by the Primary wireless switch.

52 Auto channel Misleading text. It is the Channel#, not an error,


select error that is in the string.

53 Emergency Policy The Emergency Switch Policy is activated.


[active]

54 Emergency Policy The Emergency Switch Policy is deactivated.


[deactivated]

55 Low flash space on The used disk space exceeds 80%. This will be Remove any unused policies, ACLs,
switch-alert reported approximately every five hours. user names, files, etc.

56 Miscellaneous Case Switch will need to re-boot and


debug events ASEVENT_EVENT_PSD_REBOOT_NOBDOS should do so within 120 seconds.
KerberosWlanAuthOperation::OnStart()
RADIO_TYPE_FH != pRadio->GetType()
NULL == pCountry->GetFHInfo()
CWlan::KerberosClientAuth()
4-12 WS5100 Series Switch Troubleshooting Guide

4.1 KERN Messages


Table 4.3 Kern Messages

Module Message Description


ccdev.c PKT_INFO( ""Prtl ""MACSTR"" rem @ %d"", Radio ( portal ) is removed from packet driver
MAC2STR( prtls[ idx ].cfg.addr ), idx );’ due to inactivity."

ccdev.c PKT_INFO( ""mu ""MACSTR"" w/ aid %d added A mobile unit with the given mac address has
to prtl ""MACSTR,); been added to radio <mac>.

ccdev.c PKT_ERR( ""ccdev : %s bad cmd->index %d"", Another program module tried to set a
__FUNCTION__, cmd->index ); command on a non-existing ethernet port. This
is to guard against programming errors. This
should not happen in the field.

ccdev.c PKT_ERR( ""ccdev : %s no vlan cfg for idx %d"", Another program module tried to set a
__FUNCTION__, cmd->index ); command on non-existing vlan devices. This is
to guard against programming errors. This
should not happen in the field.

ccdev.c PKT_ERR( ""ccdev : %s bad cmd id : %d"", Another program module tried to set a
__FUNCTION__, cmd->id ); command for a vlan device, but the command is
not known to the packet driver. This is to guard
against programming errors. This should not
happen in the field.

ccdev.c PKT_ERR( ""%s : bad ioctl_num %d"", Another program module sent a general
__FUNCTION__, ioctl_num ); command that is not known to the packet driver
This is to guard against programming errors.
This should not happen in the field.

ccdev.c PKT_ERR( ""ccdev : CC server not up"" ); The packet driver received a packet that is
destined to cell controller server, and has
detected that cell controller server is not up and
running. This can happen if cell controller server
has crashed.

ccdev.c PKT_WARN( ""Queue to user space full, packet The queue from packet driver to the cell
throttled=%d"", rd_list_dropped ); controller server is full and additional packets
destined for the cell controller are being
receieve. The queue limit is 1000 packets for
the WS5100 switch. This can happen if cell
controller process has died and the packet
driver did not detected this. As a result, the
system is flooded with packets that require
processing by the cell controller.

crypt.c PKT_WARN( ""crypt: enabling countermeasures A condition has triggered counter measures on
on wlan %d"", wlan_idx ); the specified WLAN.

crypt.c PKT_INFO( ""crypt: disabling countermeasures A condition has been satified to disable counter
on wlan %d"", wlan_idx ); measures on the specified WLAN.

crypt.c PKT_INFO( ""WEP Decrypt Failed Decryption failed for the specified mobile MAC
""MACSTR""\n"", MAC2STR( mu->cfg.addr ) ); address.
Network Events and Kern Messages 4-13

Table 4.3 Kern Messages (Continued)

Module Message Description


crypt.c PKT_INFO( ""%s decrypt failure: ""MACSTR"" Detailed failure on WEB decrypt failure.
iv32 = 0x%x iv16 = 0x%x\n"",);

crypt.c PKT_INFO( ""TKIP Replay check fail ""MACSTR"" TKIP: Replay check failed for the specified MAC
got: %x %x expecting:%x %x\n"",); address.

crypt.c PKT_WARN( ""tkip: station replay counters out TKIP: Station replay counters are out of sync.
of sync for ""MACSTR"". deauthing\n"",
MAC2STR( mu->cfg.addr ) );

crypt.c PKT_INFO( ""ccmp decrypt failed ""MACSTR"" CCMP: decrypt failed.


(%u bytes)\n"", MAC2STR( hdr->src ), elen );

crypt.c PKT_INFO( ""aes replay check failed AES: Replay check failed for the specified mac
""MACSTR"" got: %x%x expected:%x%x\n"",); address.

crypt.c PKT_WARN( ""aes: station replay counters out AES: Station replay counters are out of sync.
of sync for ""MACSTR"". deauthing\n"",
MAC2STR( mu->cfg.addr ) );

crypt.c PKT_INFO( ""qos admission control verification A mobile station has sent more packets then
failed\n""); allowed.

crypt.c PKT_INFO( ""rx encrypted frame from Received an encrypted frame on an unencrypted
""MACSTR"" when policy is no encryption.\n"",); WLAN.

crypt.c PKT_INFO( ""dropping clear frame from Received a unencrypted frame on an encrypted
""MACSTR"". policy requires encryption.\n"",); WLAN.

crypt.c PKT_INFO( ""EWEP bit in WEP hdr = 1, Expected Extended WEP mask is set on a WEP encrypted
0 ""MACSTR""\n"",); WLAN.

crypt.c PKT_INFO( ""EWEP bit in WEP hdr = 0, Expected Extended WEP mask is not set on Keyguard,
1 ""MACSTR""\n"",); TKIP or CCMP encrypted WLANs.

crypt.c PKT_INFO( ""AES-CCMP encrypt failed AES-CCMP: Encrypt failed.


""MACSTR""\n"", MAC2STR( hdr->src ) );

crypt.c PKT_INFO( ""qos admission control verification The intended receiving station has exceed its
failed\n"" ); bandwidth use allocated by QOS.

crypt.c PKT_ERR( ""unknown %s encryption type %d"",); The WLAN has an encryption type that is
unknown to the packet driver. This is to guard
against programming errors from other
modules.

crypt.c PKT_WARN( ""mic check failure ""MACSTR"". MIC check failed.


got: ""MACSTR"" calc: ""MACSTR""\n"",);

dhcp.c PKT_WARN( ""%s : wrong IP version %u"", Received a non IP-v4 packet
__FUNCTION__, skb->nh.iph->version );

dhcp.c PKT_ERR( ""%s : bad cookie %x"", Recevied a DHCP packet with an unknown
__FUNCTION__, ntohl( *( (U32*)posn ) ) ); cookie.
4-14 WS5100 Series Switch Troubleshooting Guide

Table 4.3 Kern Messages (Continued)

Module Message Description


driver.c PKT_ERR( ""device %s needs to be re- A platform specific physical device has not been
installed"", devname[ idx ] ); installed. For example eth1 and eth2 on
Monarch have not been installed.

driver.c PKT_INFO( ""Driver - deliver to Linux vlan Mobility error


%d\n"", PS_Get_SKB_Vlan_Tag( skb ));

driver.c PKT_INFO( ""rx from Linux"" ); The packet driver received a packet from Linux.
This is for debugging purposes only.

driver.c PKT_ERR( ""Error initializing virtual device"" ); The packet driver has failed to initialize its own
working virtual device.

flowctl.c PKT_WARN( ""flowctl: bad tx_res, retries=%d, An unexpected or impossible transmit result
rate=%d"", retries, rate ); from a WISP packet.

flowctl.c PKT_INFO( ""flowctl: no stats update for The tranmittted packet corresponding to this
dropped seq %x"",); WISP sequance can not be updated.

flowctl.c PKT_WARN( ""fc:mu removed before fc ack on An ACK for WISP packet has arrived, but the
prtl ""MACSTR,); corresponding receiving station has been
deleted from system.

flowctl.c PKT_WARN( ""fc:dropped assoc resp pkt to An association response or reassociation


""MACSTR,); response packet has not transmitted
successfully.

flowctl.c PKT_INFO( ""fc:dropped %d consec pkts to More than 5 packets in a row to the same
""MACSTR,); station have failed.

flowctl.c PKT_INFO( ""fc:mu [""MACSTR""] in psp, Received a transmit result for a Mobile Unit in
dropped packet %d"",); PSP mode.

flowctl.c PKT_ERR( MACSTR"" prtl window wrap Detected a wrap around in the WISP flow
curr=%u, new=%u"",); control window. Note: It is expected to see the
wrap around from 65535 to zero. This is not an
error condition it is caused by a programming
error.

flowctl.c PKT_INFO( MACSTR"" fc window wrap curr=%u, Detected a wrap around in the WISP flow
new=%u"",); control window. Note: It is expected to see the
wrap around from 65535 to zero. This is not an
error condition it is caused by a programming
error.

flowctl.c PKT_ERR( MACSTR"" wisp seq %u != fc seq=%u WISP sequence with a radio has become out of
setting to %u"",); sync. Resync to the new number.

flowctl.c PKT_INFO( ""fc allocs:q full"" ); Number of pending packets in the switch has
exceed the limit. The limit is 10,000 for WS5100
switch.

flowctl.c PKT_INFO( ""fc:allocs back down to %u"", The number of pending packets has fallen back
curr_fc_allocs ); below the limit.
Network Events and Kern Messages 4-15

Table 4.3 Kern Messages (Continued)

Module Message Description


flowctl.c PKT_ERR( ""fc alloc:no memory for fc allocs"" ); Request from the operating system for a new
packet has failed.

flowctl.c PKT_INFO( ""fc freed ack q pkt seq %d, tx time A packet pending ACK has been there for too
%u, now %u"",); long (beyond 7 seconds ) and forcefully removed
it..

flowctl.c PKT_INFO( ""fc q extract:seq %d not found in %d Received a flow control message that does not
entries"", seq, count ); have a corresponding packet pending in the
ACK queue.

flowctl.c PKT_INFO( MACSTR"" fc send failure"", A packet has failed to send due to flow control
MAC2STR( prtl_ptr->cfg.addr ) ); limitation.

flowctl.c PKT_ERR( MACSTR"" fc ack timeout:curr A radio ( Access Port) with the specified MAC
%u,acktime=%u"",); address has not sent flow control packets for 5
seconds.

flowctl.c PKT_ERR( MACSTR"" fc no prtl traffic in last %d Heart beats for the radio with specified mac
secs"",); address have not occured within last 5 seconds.

flowctl.c PKT_ERR( ""flowctl : bad tx_ctl %x"", tx_ctl ); The flow control field in WISP packets is not
properly formulated.

flowctl.c PKT_ERR( MACSTR"" std queue: can't tx, fc Sending to a radio has been temporarily
blocked"",); blocked. The current packet will be dropped.

flowctl.c PKT_INFO( ""flowctl Q-Full wlan %d, ac %d The Queue for given wlan and ac is full now.
(%d/%d)"", wlan_idx, ac_idx,);

flowctl.c PKT_INFO( MACSTR"" std queue:alloc failed, Failed to get a new queue element.
curr %d"",);

flowctl.c PKT_INFO( MACSTR"" std q:failed"", MAC2STR( Failed to send a packet due to the above
prtl_ptr->cfg.addr ) ); reasons.

flowctl.c PKT_ERR( MACSTR"" can't tx, fc mgmt A WISP management packet has been dropped
blocked"", MAC2STR( prtl_ptr->cfg.addr ) ); due to that radio being blocked.

flowctl.c PKT_INFO( MACSTR"" fc mgmt q:alloc failed"", An attempt to send a managment packet has
MAC2STR( prtl_ptr->cfg.addr ) ); failed due to a failure to aquire a queue
element.

flowctl.c PKT_INFO( MACSTR"" fc mgmt q:failed"", Attempt to send a managment packet has
MAC2STR( prtl_ptr->cfg.addr ) ); failed.

flowctl.c PKT_WARN( ""mismatch(roam?): The wireless header and the WISP header have
dest=""MACSTR"", its seq=%d, mismatched radio mac addresses.
prtl=""MACSTR"", its seq=%d"",);

flowctl.c PKT_INFO( ""fc can't send"" ); A WISP data packet has failed to send.

flowctl.c PKT_WARN( ""std: pkt sent %d not in ack An attempt has been made to remove a failed
queue"", q_elem->seq ); packet from the ACK queue, but the packet is
not there.
4-16 WS5100 Series Switch Troubleshooting Guide

Table 4.3 Kern Messages (Continued)

Module Message Description


flowctl.c PKT_INFO( ""mgmt fc can't send"" ); A WISP management packet has failed to send.

flowctl.c PKT_WARN( ""mgmt fc: send failed seq %d not An attempt has been made to remove a failed
in ack queue"", q_elem->seq ); packet from the ACK queue, but the packet is
not there.

flowctl.c PKT_INFO( MACSTR"" fc free queues"", Remove the FC queue for the radio with the
MAC2STR( prtl_ptr->cfg.addr ) ); specified MAC address when deleting the
radio.

flowctl.c PKT_ERR( ""Unknown fc_type = %d on Detected an unkown WISP flow control type.
""MACSTR,);

flowctl.c PKT_ERR( ""flowctl: num_pkts_on_portal = 0, An attempt has been made to decrement the
ac_idx = %d can't dec"",); packet counter when it is already at zero.

flowctl.c PKT_ERR( ""%d not found in ack queue for The given WISP sequence is not in the ACK
""MACSTR, seq,); queue.

flowctl.c PKT_INFO( MACSTR"" fc window wrap around Flow control window wrap around occured.
curr = %d, new = %d"",);

flowctl.c PKT_WARN( MACSTR"" ack q is null for Tried to update WISP with ACK sequence, but
seq:0x%08x"",); the ACK queue is empty.

flowctl.c PKT_ERR( ""Invalid Wisp cmd id: 0x%04X"", cmd Invalid WISP commad ID.
);

flowctl.c PKT_ERR( ""psp update tim: alloc skb failed"" ); Tried to send a WISP update TIM, but failed to
get a new buffer.

gag.c PKT_WARN(""vlan out of range"" ); Another program module try to change


multicast-packet-limit for a VLAN out of range
[1,4094]."

hotspot.c PKT_ERR( ""Hotspot: Netdevice does not exists The intended receive device does not exist.
for interface Vlan %d"", vlan_id );

hotspot.c PKT_ERR( ""Hotspot: Device is null"" ); The intended receive device does not exist.

mob_ctl.c PKT_INFO( ""wrong arp prot %x"", arp_hdr->prot Mobility error.


);

mob_data.c PKT_ERR( ""%s : skb2tun copy failed."", Mobility error.


__FUNCTION__ );

mob_data.c PKT_ERR( ""%s : skb2tun copy failed."", Mobility error.


__FUNCTION__ );

pal.c PKT_WARN( ""%s : wrong IP version %u"", When trying to update the MU's IP information,
__FUNCTION__, skb->nh.iph->version ); found out that the version is not IP-v4.

pal.c PKT_INFO( ""%s : wrong arp prot %x"", Recieved ARP with a non-IP protocol.
__FUNCTION__, arp_hdr->prot );
Network Events and Kern Messages 4-17

Table 4.3 Kern Messages (Continued)

Module Message Description


pal.c PKT_INFO( ""%s : de-authing unknown MU Received a packet from an MU that is not
""MACSTR"" on BSS ""MACSTR,); associated. Sending de-auth forces it out.

pal.c PKT_WARN( ""%s : de-auth ""MACSTR"" tx'ing Tried to send a packet for a MU through a radio
on wrong radio:""MACSTR"" should be that it is not currently associated. Sending de-
on""MACSTR,); auth to forces it out.

pal.c PKT_ERR( ""%s: invalid data sub type %X"", Detected an invalid 802.11 sub type in packet.
__FUNCTION__, sub_type );

pal.c PKT_WARN( ""pshandle:de-authing Received a control frame from an unknown


""MACSTR"". unknown src-addr in ctl frame"", station. Sending de-auth forces it out..
MAC2STR( rhdr->src ) );

pal.c PKT_ERR( ""%s : 802.11 data pkt too small (%d Received a runt 802.11 packet.
bytes)"", __FUNCTION__, skb->len );

pal.c PKT_ERR( ""%s: unknown frame type %x"", Received unkown 802.11 frame type.
__FUNCTION__, ctl &
MASK_CTL_FRAME_TYPE );

pal.c PKT_INFO( ""PAL_Rx_From_WLAN"" ); Received a wireless packet. Should be


removed.

pal.c PKT_INFO( ""proxy arp resp was sent"" ); A proxy ARP response was sent.

pal.c PKT_INFO( ""PD_Tx_To_Linux"" ); Sent a packet to the Linux kernel. Will be


removed.

pal.c PKT_INFO( ""PD_Tx_To_Wire"" ); Sent a packet to Ethernet wire.

pal.c PKT_INFO( ""PAL_Defrag_ESS_Data"" ); Defragmenting 802.11 data packet.

pal.c PKT_ERR( ""%s : new_skb allocation failed"", Failed to get a buffer from the OS.
__FUNCTION__ );

pal.c PKT_ERR("" vlan id %d out of range"", vlan_tag ); Received a packet with an out of range VLAN id.

pal.c PKT_ERR( ""Multicast Flooding Detected, Detected that the swich is making too many
limiting the segments in broadcast domain to copies of a multicast packet that uses too much
%d"", copy_limit ); system bandwidth. The switch limits the overall
MC bandwith per VLAN as if the multicast-
packet-limit is 32 or less. The overall MC
bandwith is 3200 packets, and the number of
copies for a given multicast packet is 3200/
multi-cast-packet-limit, when multicast-
packet-limit =32, the number of copies 3200/32
= 100 copies. If the multicast-packet-limit is 33
or above, the overall MC bandwith is 2500
packets, and the number of copies for a given
multicast packet is 3200/limit. When multicast-
packet-limit is 128, e.g., the number of copies is
2500/128 = 19 copies.

pal.c PKT_INFO( ""PAL_Unicast_To_WLAN"" ); Sending a unicast packet to the WLAN.


4-18 WS5100 Series Switch Troubleshooting Guide

Table 4.3 Kern Messages (Continued)

Module Message Description


pal.c PKT_ERR( ""%s : MU ""MACSTR"" has a null The intended station is not associated with any
prtl"", __FUNCTION__, MAC2STR( mu_ptr- radio.
>cfg.addr ) );

pal.c PKT_INFO( ""Non-IP pkt, no DSCP bits. Default The packet is not an IP packet. Default DSCP
DSCP to 0x08"" ); value.

pal.c PKT_INFO( ""PAL_Unicast_From_LAN"" ); Received 802.3 ethernet packet.

pal.c PKT_INFO(""Failed to get new skb, skip""); Failed to get a packet buffer from OS.

pal.c PKT_INFO( ""from switch. Sending to wire"" ); Switching a packet from the switch to the
Ethernet wire.

pal.c PKT_INFO( ""dropping pkt src:""MACSTR"" Failed to determine the destination for a packet.
dst:""MACSTR,);

pal.c PKT_INFO( ""proxy arp resp was sent"" ); Proxy ARP response was sent.

pal.c PKT_INFO( ""dropping wisp packets to another Drop an unicast WISP packet not destined for
switch ""MACSTR,); the switch.

pal.c PKT_INFO( ""dropping L2 wisp packets in wrong Received L2 WISP packet with the wrong
direction, cmd=0x%04x"", cmd ); direction bit.

pal.c PKT_WARN( ""pal: Send_2_CC call failed for a Packet driver tried to send a de-auth packet to
deauth-req\n""); CC for it to process, but it failed.

pal.c PKT_WARN( ""pal: Send_2_CC call failed for Packet driver tried to send a mu-remove-req to
mu-remove-req\n""); CC, but it failed.

proxyarp.c PKT_INFO( ""wrong arp prot %x"", arp_hdr->prot ARP protocol type is not IP protocol.
);

proxyarp.c PKT_INFO( ""gratuitous arp from Received a gratuitious ARP.


ip=%u.%u.%u.%u\n"", NIPQUAD(arp_req-
>src_ip));

proxyarp.c PKT_ERR( ""%s: skb alloc failed"", Failed to get a packet buffer from the OS when
__FUNCTION__ ); trying to send a proxy ARP response.

proxyarp.c PKT_INFO( ""arp resp: smac=""MACSTR "", Sending a proxy ARP response now.
sip=%u.%u.%u.%u dmac=""MACSTR "",
dip=%u.%u.%u.%u\n"",);

ps_capwap.c PKT_INFO( ""warning: rx data from unknown Received a data packet from an unknown portal.
portal"" ); This could happen if the radio starts to forward
traffic before it is adopted by the switch.

ps_capwap.c PKT_INFO(""Rx inactive mu stats for unknown/ Received a MU stats update for an inactive
inactive mu: "" MACSTR,); station.

ps_capwap.c PKT_WARN(""Unreal dt( tx_pkt ) @ rate %d: The delta on transmitted packets from radio
0x%08lx - 0x%08lx = 0x%08lx\n"",); stats is unrealistically big.
Network Events and Kern Messages 4-19

Table 4.3 Kern Messages (Continued)

Module Message Description


ps_capwap.c PKT_WARN(""Unreal dt( retry ) @ %d: 0x%08lx The delta on retry from radio stats is
- 0x%08lx = 0x%08lx\n"",); unrealistically big.

ps_caspwap.c PKT_WARN(""Unreal delta tx-fail: 0x%08lx - The delta on transmission failure from radio
0x%08lx = 0x%08lx\n"",); stats is unrealistically big.

ps_capwap.c PKT_WARN(""capwap skb length underrun: The actual packet length is smaller than what
received %d, expected %d\n"", skb->len, dlen ); the capwap header indicates.

ps_capwap.c PKT_ERR( ""%s : CC sending data pack to CC server is sending a data packet to a station
unknown MU"", __FUNCTION__ ); that the packet driver does not know about.

ps_capwap.c PKT_INFO( ""%s(): packet failed encryption"", Packet failed encryption.


__FUNCTION__ );

ps_common.c PKT_INFO( ""no tail room to fix for runt packet"" Tried to fix a runt Ethernet packet, but there is
); no room to do that.

ps_common.c PKT_ERR( ""pshandle:failed to allocate roam Failed to get packet buffer from the OS.
skbuf"" );

ps_common.c PKT_INFO( ""pshandle:mu ""MACSTR"" Detected that the given MAC address has
roamed"", MAC2STR ( addr ) ); roamed.

psp.c PKT_ERR( ""psp update tim: alloc skb failed"" ); Failed to get the packet buffer to update TIM.

psp.c PKT_INFO( ""psp store: max len (%d) reached. Max number of PSP packets reached.
Use of a lower DTIM value recommended"",
max_qlen );

psp.c PKT_ERR( ""psp store: out of memory"" ); Failed to get memory from the OS.

psp.c PKT_WARN( ""psp_tx_unicast dropping skb to Dropped packets to an unreachable MU.


unreachable mu ""MACSTR,);

psp.c PKT_WARN( ""psp:dropped %d bytes unicast to Dropped number of bytes to a given station.
""MACSTR, skb->len,);

psp.c PKT_WARN( ""psp:deauthing ""MACSTR"" due De-auth of a station due to excessive failures.
to max-tx-fails"", MAC2STR( mu_ptr->cfg.addr )
);

psp.c PKT_INFO( ""prtl ""MACSTR"" bss %d psp queue Radio with a given MAC address, its PSP queue
full with %d pkts"",); is full.

psp.c PKT_ERR( ""dtim poll: recvd bad bss index"" ); Received a DTIM poll with bad BSS index.

psp.c PKT_WARN( ""pspoll: psp bit not set"" ); Received a PSP poll from the MU, but the PSP
bit is not set.

psp.c PKT_INFO( ""psp:mu ""MACSTR"" A station with the given MAC address is in the
authenticating"", MAC2STR( mu_ptr->cfg.addr ) process of authentication.
);

psp.c PKT_INFO( ""psp:free mu queue"" ); Free PSP queue for MU.


4-20 WS5100 Series Switch Troubleshooting Guide

Table 4.3 Kern Messages (Continued)

Module Message Description


psp.c PKT_INFO( ""psp:free portal queues"" ); Free radio PSP queue.

ps_wisp.c PKT_WARN( ""radio ""MACSTR"" lost first frag Missed WISP packet for given sequence range.
of seq %04x till %04x"",);

ps_wisp.c PKT_WARN( ""radio ""MACSTR"" lost seq %u to Missed WISP packet for given sequence range.
%u"",);

ps_wisp.c PKT_WARN( ""warning: unable to queue skb"" ); Failed to switch a packet from a radio to the CC.

ps_wisp.c PKT_INFO( ""warning: rx wisp data from Received a WISP data packet from an unknown
unknown portal"" ); portal.

ps_wisp.c PKT_INFO( ""ps_rx_from_cc: no portal to queue Received a packet from the CC, but there is no
to"" ); radio to send to.

ps_wisp.c PKT_ERR( ""%s : CC sending data pack to Received a packet from the CC, but the intended
unknown MU"", __FUNCTION__ ); MU is unknown.

ps_wisp.c PKT_INFO( ""ps_rx_from_cc: packet failed Failed to encrypt a packet from the CC.
encryption"" );

ratescale.c PKT_ERR( ""%s : curr = %d allowed = %x"", Tried to get to a lower or higher rate beyond the
__FUNCTION__,); allowed rate for a MU.

ratescale.c PKT_ERR( ""ratescale : no highest rate = %x"", It is already in the highest rate setting.
allowed_rates );

ratescale.c PKT_INFO( MACSTR"" rate[%s to %s], [%d/%d], Ratescale is a switch from old rate to new rate.
pct:%d"",);

reassembly.c PKT_ERR( ""fragment too big to copy:%d Reassembed packets does not fit into a single
bytes"", skb->len ); packet buffer.

reassembly.c PKT_ERR( ""reassy:unknown cmd type"" ); Unknown WISP fragment type or command.

reassembly.c PKT_ERR( ""error:fragment too big to copy:%d Reassembed packets does not fit into the single
bytes"", copy_len ); packet buffer.

reassembly.c PKT_ERR( ""PS_Frag_Send unable to alloc skb"" Failed to get packet buffer from the OS.
);

reassembly.c PKT_ERR( ""PS_BCMC_Frag_Send unable to Failed to get packet buffer to send BC packets.
alloc skb"" );

rssi.c PKT_ERR( ""rssi : bad vals ap = %d, rd = %d, rssi Trying to convert RSSI to DBM for an unknown
= %d"", ap, rd, rssi ); combination of ap, radio and rssi.

tunnel.c PKT_INFO(""%s: Unknown tunnel=tunnel%d"", Unknown


__FUNCTION__,);

vdev.c PKT_ERR( ""null device passed to get stats Attempted to get stats for an unknown VLAN.
routine"" );
LED Information

5.1 LED Information


The WS5100 has two vertically-stacked LEDs on its front panel. The LEDs display three colors (blue,amber,
and red), and three lit states (solid, blinking, and off). The following tables decode the combinations of LED
colors and states.

5.1.1 Start Up

Event Top LED Bottom LED


Power off Off Off

Power On Self Test (POST) running All colors in rotation All colors in rotation

POST succeeded Blue solid Blue solid

5.1.2 Primary

Event Top LED Bottom LED


Active (Continually Adopting Access Ports) Blue blinking Blue solid

No License to Adopt Amber blinking Amber blinking

5.1.3 Standby

Event Top LED Bottom LED


Active (Failed Over and Adopting Ports) Blue blinking Blue blinking

Active (Not Failed Over) Blue blinking Amber solid


5-2 WS5100 Series Switch Troubleshooting Guide

5.1.4 Error Codes

Event Top LED Bottom LED


POST failed (critical error) Red blinking Red blinking

Software initialization failed Amber solid Off

Country code not configured. Amber solid Amber blinking


Note: During first time setup, the LEDs will
remain in this state until the country code is
configured.

No access ports have been adopted Blue blinking Amber blinking


Updating the System Image

The WS510 ships with a factory installed firmware image with full feature functionality. However, Motorola
periodically releases switch firmware that includes enhancements or resolutions to known issues. Verify
your current switch firmware version with the latest version available from the Motorola Web site before
determining if your system requires an upgrade.
Additionally, legacy users running either the 1.4.x or 2.x version switch firmware may want to upgrade to the
new 3.x baseline to take complete advantage of the new diverse feature set available to them. This chapter
describes the method to upgrade from either the 1.4.x or 2.x baseline to the new 3.x baseline.

CAUTION: Motorola recommends caution when upgrading your WS5100 switch image to
! the 3.x baseline as portions of your configuration will be lost and unrecoverable. Ensure
that you have exported your switch configuration to a secure location before upgrading
your switch. The upgrade.log file will contain a list of the issues found in the conversion
of the configuration file to the new format.

CAUTION: If using a 1.4.x or 2.x admin user password shorter than 8 characters (such as
! the default motorola password), the password will be converted to the 3.x baseline admin
password of “password” upon a successful update to the 3.x baseline. Ensure your
existing 1.4.x or 2.x admin password is longer than 8 characters before updating, or leave
as is and use “superuser” to login into an updated 3.x baseline.

CAUTION: After upgrading the switch baseline from 1.4.x or 2.x to the 3.x baseline,
! applet caching can produce unpredictable results and contents. After the upgrade, ensure
your browser is restarted. Otherwise, the credibility of the upgrade can come into
question.

6.1 Upgrading the Switch Image from 1.4.x or 2.x to Version 3.x
To upgrade a switch running either a 1.4.x or 2.x version to the latest 3.x version switch firmware:
1. Execute the PreUpgradeScript utility (or use the CLI) to ensure there is enough space on your system to
perform the upgrade. The PreUpgradeScript utility should be in the same directory as the upgrade files.
6-2 WS5100 Series Switch Troubleshooting Guide

2. Install the Cfgupgrade1.0-setup utility on a Windows desktop system by double clicking the
Cfgupgrade 1.0-setup file.
Follow the prompts displayed by the installer to install Cfgupgrade 1.0-setup.
A WS5100 Configuration Upgrade icon gets created within the Program Files folder. The icon can be
optionally created on your Windows desktop as well.
3. From the WS5100 running either 1.4.x or 2.x, create a configuration and save it on the switch.
WS5100# save <file name> <.cfg>
This is the configuration that will be upgraded to the new 3.x baseline.

NOTE Motorola recommends saving a copy of the switch configurartion to a secure


location before the upgrade. If an error occurs with the upgrade a viable
configuration will be needed to restore on the switch.
4. Copy the configuration file <.cfg> from the legacy WS5100 to the Windows system where the conversion
utility resides.
Use ftp or tftp to transfer the file.
5. Click on the WS5100 configuration Upgrade icon (from the Windows system).
6. Select the config file copied on to the windows system and run it.
A folder having the same name as the config file is created. The folder contains the converted startup-
config file (in the new upgraded format) along with other log files.
7. Copy the startup-config file back to the WS5100 running using either tftp or ftp.
8. Download or copy the image file <WS5100-3.0.2.0-XX.v1> or
<WS5100-3.0.2.0-XX.v2> to the WS5100 running the legacy switch firmware.

NOTE If upgrading a 1.4.x version WS5100 to the new 3.x baseline, be sure you are
using the <WS5100-3.0.2.0-XX.v1> image file. If upgrading a 2.x
version WS5100 to the new 3.x baseline, be sure you are using the
<WS5100-3.0.2.0-XX.v2> image file.
9. On WS5100 running the legacy switch firmware, type:
WS5100#service
WS5100#password "password"
exec
Upon reboot, the switch runs the 3.x image using startup-config as the running configuration.
10.Repeat the instructions above for additional switch upgrades, ensuring
<WS5100-3.0.2.0-XX.v1> is used for 1.4.x version upgrades, and
<WS5100-3.0.2.0-XX.v2> is used for 2.x version upgrades.

6.2 Downgrading the Switch Image from Version 3.x to 1.4.x or 2.x
If for some reason you want to downgrade your WS5100 back down to a 1.4.x or 2.x version firmware image,
use one of the two following image files:
• WS5100-1.4.3.0-012R.img
• WS5100-2.1.0.0-029R.img
Troubleshooting SNMP Issues

The following SNMP-releated issues could require troubleshooting as issues are experienced with the
WS5100 switch.
MIB Browser not able to contact the agent.
General error messages on the MIB Browser: Timeout, No Response.
The client IP where the MIB browser is present should be made known to the agent. Adding SNMP clients
through CLI or Applet can do this. This can be verified by looking at /butterfly/snmp/snmpd.conf. The entries
are generally present towards the end of this file.
Not able to SNMP WALK for a GET.
First check whether the MIB browser has IP connectivity to the SNMP agent on the WS5K. Use IP Ping from
the PC which has the MIB Browser.
Then check if the community string is the same at the agent side and the manager (MIB Browser) side.
Community name is case sensitive.
MIB not visible in the MIB browser.
The filename.mib file should be first compiled using a MIB compiler, which creates a smidb file. This file must
be loaded in the mib browser.
If SETs still don't happen...
Check to see if environment variables are set. The following are the env variable to be set.
SNMPCONFPATH=/butterfly/snmp
MIBDIRS=/butterfly/snmp/mibs
MIBS=ALL
Restart the SNMP agent (the snmpd daemon)
Not getting snmptraps
Check whether snmp traps are enabled through CLI or Applet. Configure MIB browser to display notifications
or traps. (This would generally be a check box in the MIB browser preferences).
Still Not Working
Double check Managers' IP Address, community string, port number, read/write permissions, and snmp
version. Remember community string IS CASE SENSITIVE.
7-2 WS5100 Series Switch Troubleshooting Guide
Appendix A Customer Support
Motorola’s Enterprise Mobility Support Center
If you have a problem with your equipment, contact Enterprise Mobility support for your region. Contact information is
available at: http://www.symbol.com/contactsupport.
When contacting Enterprise Mobility support, please provide the following information:
• Serial number of the unit
• Model number or product name
• Software type and version number
Motorola responds to calls by email, telephone or fax within the time limits set forth in support agreements. If you
purchased your Enterprise Mobility business product from a Motorola business partner, contact that business partner
for support.
Customer Support Web Site
Motorola's Support Central Web site, located at www.symbol.com/support provides information and online assistance
including developer tools, software downloads, product manuals and online repair requests.
Downloads
http://symbol.com/downloads
Manuals
http://symbol.com/manuals
General Information
Obtain additional information by contacting Motorola at:
1-800-722-6234, inside North America
+1-516-738-5200, in/outside North America
http://www.motorola.com/
A-2 WS5100 Series Switch Troubleshooting Guide
MOTOROLA INC.
1303 E. ALGONQUIN ROAD
SCHAUMBURG, IL 60196
http://www.motorola.com

72E-100959-01 Revision A
June 2007

You might also like