Symbol Ws5100 Troubleshooting Guide
Symbol Ws5100 Troubleshooting Guide
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Symbol is a registered
trademark of Symbol Technologies, Inc. All other product or service names are the property of their respective owners.
Contents
Chapter 1. Overview
1.1 Wireless Switch Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
1.1.1 Switch Does Not Boot Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
1.1.2 Switch Takes a Long Time to Start Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
1.1.3 Switch Does Not Obtain an IP Address through DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
1.1.4 Switch is Stuck in a Booting Loop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
1.1.5 Unable to Connect to the Switch using Telnet or SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
1.1.6 Web UI is Sluggish, Does Not Refresh Properly, or Does Not Respond. . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
1.1.7 Console Port is Not Responding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4
1.1.8 Shutting Down the Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4
1.1.8.1 Shutting Down the Switch Using the 1.4.x/2.x Shutdown Command . . . . . . . . . . . . . . . . . . . . . . . 1-4
1.1.8.2 Shutting Down the Switch Using the Halt Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5
1.2 Access Port Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
1.2.1 Access Ports are Not Adopted. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
1.3 Mobile Unit Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
1.3.1 Access Port Adopted, but MU is Not Being Associated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
1.3.2 MUs Cannot Associate and/or Authenticate with Access Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
1.3.3 Poor Voice Quality Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
1.4 Failover Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
1.4.1 Switch is Not Failing Over . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8
1.4.2 Switch is Failing Over Too Frequently . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8
1.5 Installation Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8
1.5.1 After Upgrade, Version Number Has Not Changed. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9
1.6 Miscellaneous Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9
1.6.1 Excessive Fragmented Data or Excessive Broadcast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9
1.6.2 Excessive Memory Leak. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9
1.7 System Logging Mechanism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10
NOTE: Screens and windows pictured in this guide are samples and can differ from actual
screens.
Documentation Set
The documentation set for the WS5100 Series Switch is partitioned into the following guides to provide
information for specific user needs.
• WS5100 System Reference - describes WS5100 Series Switch Web UI configuration activities and the
resulting network behavior.
• WS5100 Installation Guide - describes the basic setup and configuration required to transition to more
advanced configuration of the switch.
• WS5100 CLI Reference - describes the Command Line Interface (CLI) and Management Information
Base (MIB) commands used to configure the WS5100 Series Switch.
• WS5100 Migration Guide - provides upgrade instructions and new feature descriptions for legacy
users of the WS5100 Series Switch.
Document Conventions
NOTE: Indicate tips or special requirements.
CAUTION: Indicates conditions that can cause equipment damage or data loss.
!
WARNING! Indicates a condition or procedure that could result in personal
injury or equipment damage.
-viii WS5100 Series Switch Troubleshooting Guide
Notational Conventions
The following additional notational conventions are used in this document:
• Italics are used to highlight the following:
• Chapters and sections in this and related documents
• Dialog box, window and screen names
• Drop-down list and list box names
• Check box and radio button names
• Icons on a screen.
• GUI text is used to highlight the following:
• Screen names
• Menu items
• Button names on a screen.
• bullets (•) indicate:
• Action items
• Lists of alternatives
• Lists of required steps that are not necessarily sequential
• Sequential lists (e.g., those that describe step-by-step procedures) appear as numbered lists.
Overview
This chapter describes common system issues and what to look for while diagnosing the cause of a problem.
Wherever possible, it includes possible suggestions or solutions to resolve the issues.
The following sections are included:
• Wireless Switch Issues
• Access Port Issues
• Mobile Unit Issues
• Failover Issues
• Installation Issues
• Miscellaneous Issues
• System Logging Mechanism
Switch not getting enough Verify the CPU fan is operating properly.
ventilation
Max sessions have been Maximum allowed sessions is 8 concurrent users connected to a switch. Verify that
reached the threshold has not been reached. .
1.1.6 Web UI is Sluggish, Does Not Refresh Properly, or Does Not Respond
When configuring the switch, it is easy to overlook the fact that the host computer is running the browser
while the switch is providing the data to the browser. Occasionally, while using the Web UI (GUI) the switch
does not respond or appears to be running very slow; this could be a symptom of the host computer or the
network, and not the switch itself. Table 1.5 provides suggestions to troubleshoot this issue.
Table 1.5 Web UI is Sluggish, Does Not Refresh Properly, or Does Not Respond Troubleshooting Notes
Slow transmission of data Verify the data packets are being sent to and from the switch using a sniffer tool.
packets
Access ports may try to Set the country name for the switch, which is set to “none” by default.
adopt while country code is
not set
1-4 WS5100 Series Switch Troubleshooting Guide
Table 1.5 Web UI is Sluggish, Does Not Refresh Properly, or Does Not Respond Troubleshooting Notes (Continued)
Overburdened with a large With large numbers of access ports, changing the configuration quickly may cause the
number of access ports switch to not refresh properly, at least immediately following configuration.
Java JRE is out of date Be sure you are using Sun Java JRE 1.5 or later. To download the appropriate for your
system go to: http://www.sun.com/java/
Not using a terminal Verify a serial terminal emulation program, such as HyperTerminal, is in use.
emulation program
Settings in terminal Check the serial port settings in the serial terminal emulation program being used. The
emulation program are correct settings are:
incorrectly set
Terminal Type VT-100
1.1.8.1 Shutting Down the Switch Using the 1.4.x/2.x Shutdown Command
To gracefully shutdown the WS 5100, issue the shutdown command from the configure context in the CLI:
WS5000.(Cfg)> shutdown
This command will halt the system.
Overview 1-5
NOTE: The WS5100 will power off after issuing a halt command through a software
toggle of the power supply. Be sure to flip the power switch to the Off position. If the
power cord is removed and reinstalled, or power is lost and restored, the switch will
power back on.
1-6 WS5100 Series Switch Troubleshooting Guide
Country code for switch is Verify the country code is entered into the switch prior to adopting any access ports.
not set The switch is not fully functional until a country code is set.
Access ports are off- Verify the access ports are connected to the network and powered on.
network
Switch is configured as Verify the switch is not configured as a Standby system prior to adopting any access
Standby switch ports. Even if a Standby switch is not in use, the Primary switch must be in an active
state in order for it to adopt access ports.
The state is automatically determined by the failover system. From the CLI or Web UI
check the standby state to see if the switch is either Primary or Standby
Access ports are restricted Verify the switch is not configured with an access control list that does not allow
in configuration access port adoption; verify that access port adoption is not set to “deny”.
Ensure that the access port adoption policy is added with a WLAN.
Access Port is on Exclude Verify the ACL adoption list does not include the access ports that are not being
List adopted.
Miscellaneous other issues • Check the access port LEDs for “Loadme” message on start-up.
• With a packet sniffer, look for 8375 (broadcast) packets
• Reset the switch. If the switch is hung, it may begin to adopt access ports properly
once it has been reset.
All else... Contact Motorola Support.
Incorrect ESSID applied to Verify on the MU the correct ESSID has been applied to the MU.
the MU
Ethernet port configuration Verify the Ethernet port connected to thenetwork and has a valid configuration.
issues If DHCP is used, verify that the Ethernet cable is connected to the same NIC upon
which DHCP services are enabled.
Incorrect security settings Verify the correct security settings are applied to a WLAN in which the MU is tryng to
associate.
Device key issues Verify in Syslog that there is not a high rate of decryption error messages. This could
indicate that a device key is incorrect.
MU is not in Adopt List Verify the device is not in the “do not adopt ACL”.
Keyguard not set on client Verify Keyguard is set on the client if the Security/WLAN Policy calls for Keygaurd.
Primary and Standby Mismatch configurations are not allowed. Verify that the Primary and Secondary
switches have mismatched switches have the same software versions running.
software versions
Primary and Standby Verify the Primary and Secondary switch are configured properly and attempt to ping
switches cannot each switch (using the ping command) from each switch.
communicate with each
other
Other problems, as listed in Review the local logs on the Standby switch.
switch logs
MAC address configuration Review the Syslog. The correct MAC address should be seen when checking the
issues Syslog heartbeat messages.
Conflicting addressing on If more than one Primary switch exists on the same network, then use MAC addresses
same network to configure.
Too many concurrent Telnet Keep the maximum number of Telnet or SSH sessions low (6 or less), even though up
or SSH sessions to 8 sessions are allowed.
3. AUTOUPCLCONFIG 4 Loaded new cluster config If checksum for new and running
config are different – new config
overwrites the running one. This may
happen during
auto-install.
6. AUTOINSTCLCFGNOREAD 3 Could not read the cluster Cluster config copy to temp failed.
config file [str]
14. AUTOINSTSIGWCCPUNKO 7 Tried to signal wccpd using Failed to open wccpd UID file, trying
NWN pidof because pid was not plan B. By plan B we mean that we
read using alternative method to find and
kill the process.
18. AUTOINSTSCHEDULED 7 Autoinstall starting DHCP should have written the config
to the file, if we can read the config
and assemble the URLs then – start
auto-install.
19. AUTOINSTTOOLATE 6 Too late for DHCP triggered If uptime is over 10 minutes – auto-
autoinstall install will not run.
23. DOT11IFAILURE 6 Station [mac] failed dot11i Failure could occur due to 4-way
(tkip/ccmp) handshake on handshake timeout; or unknown state
WLAN [uint] of authentication (HOW?); or too
many retries; or IE element is
different than during association; or
key routine returned error.
Syslog Messages & MU Disassociation
27. TKIPMICCHECKFAIL 4 TKIP message integrity Switch reports MIC failure for MU
check failed in frame on
WLAN [uint]
28. COUNTRYCODE 5 config: setting country code New country code is set. All APs will
to [str] be reset.
29. RADIOUNADOPTED 5 [str] radio on AP [mac] un- Due to country code change or
adopted heartbeats timed-out or switch
issued reset command.
30. MAXAPCAPACITY 4 Max APs capacity reached: Cluster max AP capacity reached.
[int]
31. DISKFULL 4 "Flash Disk Full, file cannot File creation failed due to no memory.
be created
32. DFSNOVALIDHANNEL 6 "Radio [uint] unable to get a DFS is unable to find a valid channel.
valid channel, configuration
deferred
33. DFSMOVECHANNEL 6 Radio [uint] move to channel DFS is changing the radio channel.
[uint] - [uint] MHz
34. RADIORADARDETECT 4 802.11a radio on AP [mac] Radar detection notice. Channel will
found radar on channel be changed if possible.
[uint]
42. IDSNULLADDR "4 MU [mac]. Filtering for [int] IDS failure - MU will be
IDSSAMEADDR seconds disassociated.
IDSMCASTSRC
IDSWEAKWEPIV
IDSCNTRMEAS
44. IDSEVENTSWITCH 4 IDS event [str] detected on Events are same as above. Violations
switch thresholds are user configurable on
IDS.
45. WLANKERBCFGCHG 6 WLAN [uint] de- Set the WLAN as not authenticated.
authenticated,
configuration changed
Syslog Messages & MU Disassociation
51. STATIONTOTALLIMIT 4 Station [mac] denied MAX MU limit of 4096 has been
authentication : max reached.
supported stations limit
reached
53. STATIONCAPERR 4 Station [mac] denied Bad ESS, IBSS or WEP settings
association to radio [uint] : provided.
802.11 capability field
unsupported
57. STATIONSSIDERR 4 Station [mac] denied ESSID length is invalid or ESSID not
association to radio [uint] : supported on radio.
[str]
2-6 WS 5100 Series Switch Troubleshooting Guide
59. STATIONRADIOLIMIT 4 Station [mac] denied Max MU limit per radio is reached.
association to radio [uint] :
maximum Stations per radio
[uint] reached
64. RADIUSVLANUPDATE 6 Assigning Radius Server Raduis assigned new VLAN to MU.
specified VLAN [uint] to
station [mac] on WLAN
[uint]
68. EAPAUTHFAILED 6 Station [mac] failed eap Received access-reject from Radius
(802.1x) authentication on Server.
WLAN [uint]
72. RADIUSDISCACK 6 Sending Radius Disconnect All went well, user was removed -
ACK to [ip] msg sent to server"
73. RADIUSDISCNACK 6 Sending Radius Disconnect Didn't like the request - couldn't find
NACK to [ip] the MU - msg sent to server.
75. RADIUSTXCOANACK 6 Sending Radius Change-Of- Didn't like the request - couldn't find
Authorization NACK to [ip] the MU - msg sent to server.
76. RADIOACSSTART 6 Radio [uint] starting auto ACS is started. Called by WISP if the
channel selection scan on radio configuration if it's set for
ACS
77. RADIOACSEND 6 Radio [uint] has completed ACS is done. New channel is
an auto channel selection selected.
scan. Channel selected:
[uint]
81. SHEALRADIODOWN 4 Radio [uint] was detected Radio has been detected as being
down. down by its neighbors.
82. SHEALACTIONTAKEN 5 Radio [uint] took self healing Self healing has been activated.
action to cover for down
neighbor
83. SHEALACTIONTAKEN 5 Radio [uint] has returned to Radio resumed active work mode
normal operation
84. SHEALACSRERUN 5 Auto Channel Select was re- Happens if we exceeded the
run for radio [uint] due to configured avg number or retries
retry threshold being
crossed
85. STATSSTATION 4 Threshold reached, [str] is One of the threshold values set for
[str] [str] for MU# [mac] the MU has been exceeded. Each
threshold value has its own unique
thrshold setting defined by the user.
2-8 WS 5100 Series Switch Troubleshooting Guide
87. STATSMODULE 4 Threshold reached, [str] is One of the threshold values set for
[str] [str] the switch has been exceeded. Each
threshold value has its own unique
thrshold setting defined by the user.
88. STATSWLAN 4 Threshold reached, [str] is One of the threshold values set for
[str] [str] for WLAN# [str] the WLAN has been exceeded. Each
WLAN threshold value has its own
unique thrshold setting defined by the
user.
93. RSAKEYGEN 6 Rsa key [str] generated Keypair generated successfully. The
switch can maintain different key
pairs for each certificate generated.
These keys can be manually or
automatically generated.
95. INVALIDCERTKEY 5 Private key imported for Each trustpoint is associated with a
trustpoint [str] is not valid certificate and RSA key. If RSA key
specified is not a valid RSA key type
(PEM or DER) this message displays.
98. INVALIDCERTCRL 5 Certificate Crl Imported for CRL is Certificate Revocation List,
trustpoint [str] is invalid issued for revoked Certificate from a
root CA authority. Wrong format of
imported CRL displays this message.
101. INVALIDRSAKEY 5 Rsakey imported with the RSA Key imported is not of valid
name [str] is invalid PEM/DER format.
153. NO INFORMATION: NEED 5 Include range is not Generated when trying to remove a
MNEMONIC FROM configured for pool [str] DHCP IP range not configured for the
ENGINEERING specified pool.
154. PANIC 5 Last reboot was caused by a The panic message is used to indicate
panic a switch restart due to a kernel crash.
Panic files are created when the
switch comes up in flash/crashinfo.
These files are visible in GUI under
Diagnostics > Panic Snapshots and
through the CLI using command
service show crash-info.
156. KEYDELETED 4 Rsakey [str] associated with SSHD can be configured to use the
ssh is deleted so ssh is RSA key generated by user. If this key
restarted with default rsa is deleted, SSHD goes back to the
key default key displaying this message.
2-14 WS 5100 Series Switch Troubleshooting Guide
158. FANUNDERSPEED 4 Fan [str] under speed: [uint] Diagnostic message: Fan speed is
RPM is under limit [uint] too slow.
RPM
159. UNDERVOLTAGE 4 Voltage [dec2]V under low Diagnostic message: Voltage reading
limit [dec2]V is under low limit.
160. OVERVOLTAGE 4 Voltage [dec2]V over high Diagnostic message: Voltage reading
limit [dec2]V is over high limit.
165. BUFUSAGE 6 "[uint] byte buffer usage Kernel buffer usage more than
gter than expected, [uint] predefined maximums. Maximum
used, warning level limits for kernel buffer can be seen by
[uint]real “service show diag limit” command
and current status can be seen by the
“service show diag stats” command.
166. HEADCACHEUSAGE 6 "socket buffer head cache The packet buffer head cache usage
usage is greater than is more than the maximum limit of
expected, usage [uint], 11000 bytes. Reduce cache to rectify.
warning level [uint]
167. IPDESTUSAGE 6 "IP destination cache usage The number if IP destinations the
is greater than expected, switch sees. This is informative does
usage [uint], warning level not constitute any alert condition
[uint]
168. FREERAM 6 "Free RAM, [dec2]% is less This may happen if there is a memory
than limit [dec2]% leak in any of the applicationsrunning
on switch. Memory consumption can
be seen by the “service show diag
top” command. Killing the process
will free the memory required to run
at preferred limits and stop the
message.
170. FDCOUNT 4 FD Usage [uint] is over limit Displays when running out of space
[uint] on the flash disk. Results when file
descriptors exceed the maximum
limit of 2500.
171. NEWLICENSE 6 Licensed AP count changed Displays when the user enters a new
to [uint] license.
2-16 WS 5100 Series Switch Troubleshooting Guide
175. MUDEL 6 Station [mac]: Deleted from Occurs when a MU is deleted from
Mobility Database the mobility database. Can occur
when a MU is disconnected.
176. MUJOIN 6 Station [mac]: JOIN A join request from a peer is received.
received from peer [ip]
181. PEERUP 4 Peer [ip] is UP The mobility peer is up. The mobility
peer is the switch specified in the L3
mobility service list.
182. PEERDOWN 5 Peer [ip] is DOWN The mobility peer is down. Possible
causes could include:
• Connection broken with peer
• Mobility disabled on peer
• Connection close received
from peer
• Error message received from
peer.
187. PROCMAXRSTRT 1 "Process ""[str]"" reached its Too many restarts of the same
maximum number of process. The maximum number of
allowed restarts process restarts has been reached
but the system-restart is disabled or
reached maximum the number of
system restarts Default number of
process restarts is 4.
188. PROCSYSRSTRT 0 "Process ""[str]"" reached its The maximum number of process
maximum number of restarts has been reached. The
allowed restarts. Rebooting switch is going to reboot.
the system !
189. PROCSTOP 5 "Process ""[str]"" has been The switch is killing the process from
stopped the start-shell using a kill command.
194. PEERACTIVEDOWN 4 "Peer [ip], with group ID Error in the update message from the
[uint] in active mode is down peer. The connection will come down.
Re-establish the connection.
195. PEERSTADOWN 4 "Peer [ip], with group ID Error in the update message from the
[uint] in standby mode is peer. The connection will come down.
down Re-establish the connection.
196. PEERACTIVEINVLCONF 1 "Peer [ip], with group ID The redundancy configuration has to
[uint] in active mode has be identical across the entire cluster.
detected with invalid Consequently, a misconfiguration has
configuration been detected.
2-18 WS 5100 Series Switch Troubleshooting Guide
198. PEERACTIVEOPER 5 "Peer [ip], with group ID The primary peer is fully operational.
[uint] in active mode is fully
operational
199. PEERSTAOPER 5 "Peer [ip], with group ID The standby peer is fully operational.
[uint] in standby mode is
fully operational
202. STATEDISCOVERY 6 The wireless module has Discovery process has started for the
started discovering other cluster group.
members in the redundancy
group
210. USERAUTHSUCCESS 5 User '[str]' logged in with The user has successfully logged in.
role of '[str]' from auth
source '[str]
211. USERUPDATE 6 User '[str]' updated with use A new or existing user now has a new
roles of '[str]' and allowed set or user access permissions.
access from '[str]
Syslog Messages & MU Disassociation
213. AUTHNOTIFY 5 Radius server secret not User access denied. Now trying next
configured or server not auth method since the Radius server
reachable. Hence trying is not reachable or properly
next auth method configured.
215. USERAUTHFAIL 3 User '[str]' can not be Bad password used in authetnication
authenticated attempt. Attempt authentication
again using correct passowrd.
219. DHCPDEFRT 6 Default route with gateway Default route for gateway has been
[ip] learnt via DHCP acquired through DHCP.
220. DHCPIPCHG 5 "Interface [str] changed The IP address provided by the DHCP
DHCP IP - old IP: [ip]/[uint], server is different from previous
new IP: [ip]/[uint] lease.
221. DHCPNODEFRT 5 Interface [str] lost its DHCP Interface is disabled for DHCP and
default route therefore leaving its default route to
gateway.
222. FREEFLASHDISK 6 "Free [str] file system space, The current file system space is less
[str]% is less than limit than the minimum limit of 10%. Could
result when files are saved on the
switch. Delete files when required to
create the necessary space.
223. KERNEL-4-WARNING 4 "Queue to user space full, Queue for user space full and a
packet throttled=%d warning has been generated.
232. KERNEL-4-WARNING 4 "fc:dropped assoc resp pkt An association response packet has
to ""MACSTR been dropped. Validate the success
of the association attempt, and (if
needed) try again.
236. KERNEL-4-WARNING 4 std: pkt sent % not in ack Packet sent information is not within
queue the ACK queue.
238. KERNEL-4-WARNING 4 "MACSTR"" ack q is null for The ACK queue is null for this
seq:0x%08x attempt.
246. KERNEL-4-WARNING 4 warning: rx data from Data has been received from an
unknown portal unknown portal location. This is an
informational warning and should be
checked periodically to ensure its not
repeated and the source represents a
viable threat.
259. KERNEL-3-ERROR 3 WLAN Index is not For hotspot feature. Error is seen
supported when destination IP is check in the
WHITE IP list and WLAN index is bad.
260. KERNEL-3-ERROR 3 CCdev_read: bug in circular Index not being correctly defined and
index computation rd %d wr an index computation loop has been
%d" created.
"tot_entry %d to_read %d
rcc %d
261. KERNEL-3-ERROR 3 1. dev_read copy error rcc Read copy error encountered.
%d
ccdev : Mob CCdev_Read
copy_to_user error
262. KERNEL-3-ERROR 3 2. dev_read copy error rcc Read copy error encountered.
%d
ccdev : Mob CCdev_Read
copy_to_user error
274. KERNEL-3-ERROR 3 pkt0 has not been created Packet 0 has not been created.
275. KERNEL-3-ERROR 3 device eth1/eth2 needs to Device using the switch Eth1 or Eth2
be re-installed resources requires re-installation.
277. KERNEL-3-ERROR 3 Error initializing virtual A virtual device initialization error has
device been encountered.
282. KERNEL-3-ERROR 3 "MACSTR"" fc no prtl traffic No portal traffic detected over the
in last %d secs last “N” number of seconds.
288. KERNEL-3-ERROR 3 "%d not found in ack queue For TX results – sequence no found.
for ""MACSTR
289. KERNEL-3-ERROR 3 Invalid Wisp cmd id: Found bad WISP command ID when
0x%04X updating flow control results.
2-24 WS 5100 Series Switch Troubleshooting Guide
291. KERNEL-3-ERROR 3 Hotspot: Netdevice does not Valid tunnel was not found for given
exists for interface VLAN IP and VLAN tag.
%d
299. KERNEL-3-ERROR 3 VLAN id %d out of range VLAN is bigger than 4128. Sent when
trying to create broadcast for all
BSSIDs.
301. KERNEL-3-ERROR 3 "PAL_Unicast_To_WLAN : There are no known APs for this MU.
MU ""MACSTR"" has a null
prtl
306. KERNEL-3-ERROR 3 psp update tim: alloc skb Cannot allocate buffer required to
failed send Update TIM message to AP.
307. KERNEL-3-ERROR 3 psp store: out of memory Cannot store PSP packet.
Syslog Messages & MU Disassociation
313. KERNEL-3-ERROR 3 fragment too big to copy:%d Got bad fragment packet.
bytes
318. KERNEL-3-ERROR 3 "rssi : bad vals ap = %d, rd = If RSSI value is bigger than 255, or
%d, rssi = %d smaller than 0 (or unknown radio),
when attempting to convert RSSI to
DBM.
324. KERNEL-3-ERROR 3 null device passed to get Unavailable device has been
stats routine forwarded for statistics gathering.
325. KERNEL-3-ERROR 3 null priv pointer in get stats Stats generation failure occured
when collecting data.
2-26 WS 5100 Series Switch Troubleshooting Guide
331. KERNEL-3-ERROR 3 VLAN_Handle_Egress: skb Missing VLAN tag in the packet that
had no VLAN tag. dropping we are sending. Should be set
already.
335. KERN-6-INFO 6 Add WTP at N Adds a WTP entry to the table. WTP is
a CAPWAP definition for AP.
337. KERN-6-INFO 6 Prtl <MAC> rem @ N Deletes an AP entry from the table.
341. KERN-6-INFO 6 "WEP Decrypt Failed ""MU Failed to decrypt WEP encrypted
MAC packet.
344. KERN-6-INFO 6 "ccmp decrypt failed Decryption of packet that have been
""MACSTR"" (%u bytes) encrypted using AES-CCMP failed
Syslog Messages & MU Disassociation
347. KERN-6-INFO 6 "rx encrypted frame from Encrypted packet received on non-
""MAC"" when policy is no encrypted WLAN.
encryption.
348. KERN-6-INFO 6 "dropping clear frame from Received packet was expected to be
""MACSTR"". policy encrypted.
requires encryption
349. KERN-6-INFO 6 "EWEP bit in WEP hdr = 1, For WEP64 and WEP128 traffic.
Expected 0 ""MAC”
350. KERN-6-INFO 6 "EWEP bit in WEP hdr = 0, For Keyguard and TKIP and CCMP
Expected 1 ""MAC traffic.
352. KERN-6-INFO 6 qos admission control Unicast packet did not pass WMM
verification failed admission control.
355. KERN-6-INFO 6 flowctl: no stats update for No stats available for target dropped
dropped seq N sequence.
362. KERN-6-INFO 6 fc q extract:seq N not found Target sequence not found in target
in Y entries entries.
376. KERN-6-INFO 6 proxy arp resp was sent A proxy ARP response was sent.
385. KERN-6-INFO 6 "dropping wisp packets to WISP packets to another switch have
another switch ""MACSTR been dropped.
386. KERN-6-INFO 6 "dropping L2 wisp packets Each L2 WISP packet that was sent in
in wrong direction, the wrong direction has been
cmd=0x%04x dropped.
388. KERN-6-INFO 6 gratuitous arp from Gratuitous ARP received from target
ip=%u.%u.%u.%u address.
391. KERN-6-INFO 6 "Rx inactive mu stats for No longer receiving stats for an
unknown/inactive mu: "" inactive or unknown MU.
MACSTR
392. KERN-6-INFO 6 "PC_Rx_From_CC (): packet Received packet was not able to
failed encryption correctly encrypt.
393. KERN-6-INFO 6 no tail room to fix for runt Runt packet fix could not be
packet accomodated.
395. KERN-6-INFO 6 warning: rx wisp data from Warning message stating WISP data
unknown portal has been received from an unknown
source (portal).
420. KERN-6-INFO 6 "%s : session-timeout for Session timeout for wired host.
Wired-host ""MACSTR
423. AUTH-3-ERR: 3 Malformed IKE identity `%s Remote ID for aggressive mode IKE
WIOS_SECURITYMGR SA cannot be decoded.
Syslog Messages & MU Disassociation
425. AUTH-3-ERR: 3 Could not force CA CA certificate could not be used as/
WIOS_SECURITYMGR certificate as a point of trust with trustpoint.
426. AUTH-3-ERR: 3 """Can not insert CA The CA certificate will not insert into
WIOS_SECURITYMGR certificate into local the local database. Either resolve
database issue with this certificate or use a
different one.
427. AUTH-3-ERR: 3 """ Message: Malformed Error displayed when checking if IKE
WIOS_SECURITYMGR IKE SA proposal security association proposal
matches.
428. AUTH-3-ERR: 3 """ Reason: Invalid protocol Invalid protocol ID. The result is a
WIOS_SECURITYMGR ID %d, should be %d malformed IKE security association
proposal.
431. AUTH-3-ERR: 3 """ Reason: No key-length Variable key length cipher is specified
WIOS_SECURITYMGR proposed for "" ""variable in IKE SA proposal, but the key length
key-length cipher %s attribute is missing.
433. AUTH-3-ERR: 3 """AES counter mode cannot A tunnel check has failed because of
WIOS_SECURITYMGR be used without an "" using an AES counter mode with the
""authentication algorithm authentication algorithm.
434. AUTH-3-ERR: 3 """AES counter mode cannot A tunnel check has failed because of
WIOS_SECURITYMGR be used with manual keys using an AES counter mode with
manual keys.
435. AUTH-3-ERR: 3 """Tunnel does not specify A tunnel check has failed because of
WIOS_SECURITYMGR any keying method "" ""(IKE using no keying method (i.e. IKE or
or manual) manual defined for tunnel).
436. AUTH-3-ERR: 3 "Auto-start rule does not The post auto-start rule check has
WIOS_SECURITYMGR specify single IP address "" failed. The user did not provide
""or domain name for its enough information to (remote IKE
remote peer peer and IP address) establish the
rule automatically.
437. AUTH-3-ERR: 3 Both REJECT and PASS Both the reject and pass flags for a
WIOS_SECURITYMGR defined for a rule rule are on. Policy manager use these
flag to reject or pass the rule.
2-32 WS 5100 Series Switch Troubleshooting Guide
439. AUTH-3-ERR: 3 To-tunnel specified for a Cannot set rejetct rules on To-tunnel.
WIOS_SECURITYMGR REJECT rule
442. AUTH-3-ERR: 3 The maximum number of Max number of policy rule is 600 i.e.
WIOS_SECURITYMGR policy rules reached four times the number of maximum
tunnels.
443. AUTH-3-ERR: 3 IP protocol not specified for IP protocol not specified for this
WIOS_SECURITYMGR this service element. service element.
444. AUTH-3-ERR: 3 "Cannot insert this rule, the The selected rule cannot be used, as
WIOS_SECURITYMGR forced NAT protocol"" "" the type does not match the rule
type does not match rule protocol in effect.
protocol
446. AUTH-3-ERR: 3 """ Reason: AH can not be NAT traversal cannot be used with
WIOS_SECURITYMGR initiated with NAT-T AH mode, as it has run hash on the IP
addresses.
448. AUTH-3-ERR: 3 """ Reason: Inconsistent The current and new encapsulation
WIOS_SECURITYMGR encapsulation modes:” mode is not same. Ensure they are
“current %d, new %d” consistent.
449. AUTH-3-ERR: 3 """ Reason: unknown The encapsulation mode specified for
WIOS_SECURITYMGR encapsulation mode %d an IPSec security association is not
proposed recognized.
453. AUTH-3-ERR: 3 """ Message: malformed Following two messages are reason
WIOS_SECURITYMGR IPSec AH proposal for this message.
Syslog Messages & MU Disassociation
456. AUTH-3-ERR: 3 """ Could not select A proposal could noty be selected for
WIOS_SECURITYMGR proposal for IPSec SA %d the IPSec security association.
457. AUTH-3-ERR: 3 """ Message: Could not A policy rule could not be successfully
WIOS_SECURITYMGR select policy rule selected for security policy. Try a
different policy rule.
458. AUTH-3-ERR: 3 """ Message: Could not A security association could not be
WIOS_SECURITYMGR select SA from IPSec SA "" specified from the IPSec security
""proposal association proposal.
469. AUTH-3-ERR: 3 """The `per-port' or `per- Security association per-port and per-
WIOS_SECURITYMGR host' SA flags can not be "" flag attributed could not be specified
""specified for `auto-start' for an auto-start tuunel
tunnels
470. AUTH-3-ERR: 3 """Both `auto-start' and This error is generated when the user
WIOS_SECURITYMGR `dont-initiate' specified "" tries to configure both, Auto-start and
""for a tunnel dont- initate, for a tunnel at the same
time.
471. AUTH-3-ERR: 3 """Out of memory. Could not Tunnel name could not be accounted
WIOS_SECURITYMGR allocate memory for "" for due to memory constraints. Free
""tunnel name! up necessary memory.
472. AUTH-3-ERR: 3 """Malformed IKE identity The IKE secret identity used has
WIOS_SECURITYMGR `%s' for tunnel"", identity corrupt characters. Create a new one
with usable parameters.
473. AUTH-3-ERR: 3 """Malformed IKE secret for The IKE secret password used has
WIOS_SECURITYMGR tunnel corrupt characters. Create a new
secret with usable parameters.
474. AUTH-3-ERR: 3 """Extended (64 bit) "" Extended (64 bit) sequence numbers
WIOS_SECURITYMGR ""sequence numbers are not not supported for manually keyed
supported for manually tunnels. Do not use extended 64 bit.
keyed "" “tunnels
475. AUTH-3-ERR: 3 """Invalid SPI values Invalid SPI values specified for ESP
WIOS_SECURITYMGR specified for ESP: in=%08x, authentication credentials.
out=%08x
476. AUTH-3-ERR: 3 """Invalid SPI values Invalid SPI values specified for AH
WIOS_SECURITYMGR specified for AH: in=%08x, authentication credentials.
out=%08x"",
477. AUTH-3-ERR: 3 """Invalid CPI values Invalid CPI values specified for
WIOS_SECURITYMGR specified for IPComp: "" IPComp.
""in=%04x, out=%04x
479. AUTH-3-ERR: 3 """Manual key already Manual key credentials have already
WIOS_SECURITYMGR configured been configured. Do not change their
values or use a different key.
483. AUTH-3-ERR: 3 "Too much key material for Byte limit exceeded for manual key.
WIOS_SECURITYMGR manually keyed tunnel. " Ensure the key size is not too long.
"Needs only %u bytes but
got %u bytes"
484. AUTH-3-ERR: 3 """Invalid key sizes specified Invalid key size specified. Ensure the
WIOS_SECURITYMGR key size is consistent with what is
expected.
485. AUTH-3-ERR: 3 """Algorithm key sizes Key sizes specified for unknown
WIOS_SECURITYMGR specified for unknown algorithm. Validate expected key size
algorithm before continuing.
486. AUTH-3-ERR: 3 """Key size limits specified A fixed key size must be used.
WIOS_SECURITYMGR for fixed key size "" ""cipher
%s
487. AUTH-3-ERR: 3 """The maximum cipher key Maximum cipher key size too large for
WIOS_SECURITYMGR size %u is bigger than "" expected. Reduce key size or use a
""the built-in maximum %u different key.
488. AUTH-3-ERR: 3 """The maximum cipher key Maximum cipher key size too large for
WIOS_SECURITYMGR size %u is bigger than "" expected. Reduce key size or use a
""the built-in maximum %u different key.
489. AUTH-3-ERR: 3 """The maximum cipher key Maximum cipher key size too large for
WIOS_SECURITYMGR size %u is bigger than "" expected. Reduce key size or use a
""the built-in maximum %u different key.
490. AUTH-3-ERR: 3 Remote IKE peer %@%@ Remote machine where the tunnel
WIOS_SECURITYMGR terminates.
491. AUTH-3-ERR: 3 Local IKE peer %@%@ Local machine which initiates the
WIOS_SECURITYMGR tunnel.
493. AUTH-4-WARNING: 4 """The maximum number of The maximum number of active phase
WIOS_SECURITYMGR active Phase-1 SAs reached 1 security associations has been
reached.
494. AUTH-4-WARNING: 4 """The maximum number of The maximum number of active phase
WIOS_SECURITYMGR active Phase-1 negotiations 1 security associations has been
"" ""reached reached.
496. AUTH-4-WARNING: 4 """Cannot use binary Binary formatting for syslog audit is
WIOS_SECURITYMGR formatting for syslog "" not permitted.
""auditing.
497. AUTH-4-WARNING: 4 """Cannot create audit file Audit file contect cannot be audited.
WIOS_SECURITYMGR context. Is '%s' a "" ""valid Suspected reason is invalid filename.
file name?
2-36 WS 5100 Series Switch Troubleshooting Guide
501. AUTH-4-WARNING: 4 """Could not set CA Could not set CA certificate to non-
WIOS_SECURITYMGR certificate to non-CRL CRL issuer. This may cause
issuer. """"This may cause authentication errors if valid CRLs are
authentication errors if valid not available.
CRLs """"are not available
502. AUTH-4-WARNING: 4 """Could not set the trusted Trusted credentials could not be set
WIOS_SECURITYMGR set for a CA certificate for certificate. Review the attributes
of the certificate or (if necessary) use
a different certificate.
504. AUTH-4-WARNING: 4 """Could not lock certificate Could not lock certificate in cache.
WIOS_SECURITYMGR in cache
505. AUTH-4-WARNING: 4 """Could not insert Certificate could not be inserted into
WIOS_SECURITYMGR certificate into local local database. Review the attributes
database of the certificate or (if necessary) use
a different certificate.
509. AUTH-4-WARNING: 4 "%s Phase-1 notification Phase 1 notifications may have been
WIOS_SECURITYMGR `%s' (%d) (size %d bytes) encrypted in plain text. Verify to
""""from %s%@ for protocol ensure data protection.
%s spi[0...%d[=%s"",
encrypted ? ""Encrypted"" :
""Plain-text"",
514. AUTH-4-WARNING: 4 """Type of the local ID %@ Properties of the key extension may
WIOS_SECURITYMGR is not KEY-ID for "" ""the not be supported. The negotiation
mamros-pskeyext and handshake of key credentials
negotiation. "" ""The may fail.
negotiation might fail.
516. AUTH-4-WARNING: 4 """% PFS group proposed Perfect Forward Secrecy (PFS) group
WIOS_SECURITYMGR for IPComp has been proposed for IP Comp.
517. AUTH-4-WARNING: 4 """Trigger for non-IP packet Request for policy dropped.
WIOS_SECURITYMGR of protocol %d. ""
""Dropping request for
policy
518. AUTH-4-WARNING: 4 """The rule is not in the A requested rule is not in active
WIOS_SECURITYMGR active configuration. "" configuration, and can therefore not
""Dropping request for be supported.Request for policy is
policy being dropped
2-38 WS 5100 Series Switch Troubleshooting Guide
527. AUTH-6-INFO: 6 """ %s using %s (%s%s - This error message displays the
WIOS_SECURITYMGR %s) stauts of IKE negotiaion that is
carried out either in main mode or
aggressive mode.
532. AUTH-6-INFO: 6 """ Message: Could not Policy rule could not be properly
WIOS_SECURITYMGR select policy rule selected during authentication
attempt.
533. AUTH-6-INFO: 6 """ Reason: Reason for not selecting a policy rule.
WIOS_SECURITYMGR
Syslog Messages & MU Disassociation
538. AUTH-6-INFO: 6 """ Reason: "" ""Could not Problem encountered during
WIOS_SECURITYMGR register remote access authentication attempt. Could not
client register remote access client.
541. AUTH-6-INFO: 6 """ Reason: Could not Specific attributed could not encoded
WIOS_SECURITYMGR encode attributes during authentication attempt.
542. AUTH-6-INFO: 6 """ Reason: Could not Specific attributed could not encoded
WIOS_SECURITYMGR encode attributes during authentication attempt.
546. AUTH-6-INFO: 6 """ Message: Could not Configuration parameters could not
WIOS_SECURITYMGR store configuration "" be stored during authentication
""parameters attempt.
553. AUTH-6-INFO: 6 """ PFS using Diffie- PDF using DH group for the above IP
WIOS_SECURITYMGR Hellman group %u (%u Sec security association.
bits)"",
554. AUTH-6-INFO: 6 """ Local Proxy ID %@ Local proxy ID for IP Sec security
WIOS_SECURITYMGR association.
555. AUTH-6-INFO: 6 """ Remote Proxy ID %@ Remote proxy ID for IP Sec security
WIOS_SECURITYMGR association.
556. AUTH-6-INFO: 6 """ Inbound SPI: | Displays this message when the
WIOS_SECURITYMGR Outbound SPI: | Algorithm: inbound/outbound SPI for the above
IP Sec security association happens.
558. AUTH-6-INFO: 6 """ ESP [%08x] | [%08x] | ESP algorithm for the above IP Sec.
WIOS_SECURITYMGR %s%s - %s
559. AUTH-6-INFO: 6 """ IPComp [%04x] | IP Comp algorithm for the above
WIOS_SECURITYMGR [%04x] | %s IPSec security association.
563. AUTH-6-INFO: 6 """Message: Could not Remote peer's identity could not be
WIOS_SECURITYMGR verify remote peer's identity properly identified during
authentication attempt.
564. AUTH-6-INFO: 6 """ Message: PPP failure PPP failure during authentication
WIOS_SECURITYMGR attempt.
568. AUTH-6-INFO: 6 """ Message: Could not PPP session could not be properly
WIOS_SECURITYMGR start PPP"") started.
Syslog Messages & MU Disassociation
571. AUTH-6-INFO: 6 """ Message: Could not Layer 2 rules could not be properly
WIOS_SECURITYMGR create L2TP rule generated during authentication
attempt.
572. AUTH-6-INFO: 6 """ Message: Could not add ARP entry could not be added during
WIOS_SECURITYMGR ARP entry authentication attempt.
573. AUTH-6-INFO: 6 """ PPP Authentication PPP authentication method for SA.
WIOS_SECURITYMGR method:
577. AUTH-6-INFO: 6 """ or private key was Private key was not availabale during
WIOS_SECURITYMGR not available authentication attempt.
578. AUTH-6-INFO: 6 """ Attributes sent to client Authentication attributes have been
WIOS_SECURITYMGR sent to the client.
580. AUTH-6-INFO: 6 No IPSec rules configured Failed responder policy rule selection
WIOS_SECURITYMGR due to no IPSec rules being
configured.
581. AUTH-6-INFO: 6 Peer IP address mismatch Failed responder policy rule selection
WIOS_SECURITYMGR due to a peer IP address mismatch.
582. AUTH-6-INFO: 6 Local IP address mismatch Failed responder policy rule selection
WIOS_SECURITYMGR due to a local IP address mismatch.
583. AUTH-6-INFO: 6 Local IP address mismatch Failed responder policy rule selection
WIOS_SECURITYMGR due to a local IP address mismatch.
585. AUTH-6-INFO: 6 Access group mismatch Failed responder policy rule selection
WIOS_SECURITYMGR due to access group mismatch.
589. AUTH-6-INFO: 6 Remote IKE peer %s%@ ID Remote device where IKE tunnel
WIOS_SECURITYMGR %@ terminates
594. AUTH-6-INFO: 6 Protocol given more than Security association selection failure.
WIOS_SECURITYMGR once Failed responder security association
selection due to protocol provided
more than once.
601. AUTH-6-INFO: 6 Algorithm did not match Security association selection failure.
WIOS_SECURITYMGR policy Failed responder security association
selection due to algorithm not
matching policy.
617. AUTH-6-INFO: 6 Rule not active (invalid Security association selection failure.
WIOS_SECURITYMGR interface selector?) Failed responder security association
selection.
620. NO INFORMATION: NEED 6 "Local L2TP peer %s:%s Device where L2TP tunnel is initiated.
MNEMONIC FROM
ENGINEERING
621. NO INFORMATION: NEED 6 Remote L2TP peer %s:%s Device where L2TP tunnel is
MNEMONIC FROM terminated.
ENGINEERING
622. DAEMON-3-ERR: 3 """%s: Could not start Registration failed for any of these
WIOS_SECURITYMGR application gateway: "" services cifs, dns, ftp, netbios, sip,
""registration failed: %s. socksify or wins.
623. DAEMON-3-ERR: 3 """%s: Could not create Insufficient memory resulted in the
WIOS_SECURITYMGR application gateway: """"out failed creation of application
of memory. gateway.
624. DAEMON-3-ERR: 3 """%s: Could not create Initialization failure resulted in the
WIOS_SECURITYMGR application gateway: failed creation of application
""""initialization failed. gateway session.
626. DAEMON-3-ERR: 3 "%s: Can't start application Application gateway could not be
WIOS_SECURITYMGR gateway: " started due to failed registration.
"registration failed; reason
%s.""
629. NO INFORMATION: NEED 3 """%s: Could not decode Configuration data could not be
MNEMONIC FROM configuration data """"for decoded. Validate the configuration
ENGINEERING service %u and try again.
634. DAEMON-3-ERR: 3 """Could not export IKE SA IKE information within a security
WIOS_SECURITYMGR association could not be exported.
635. DAEMON-3-ERR: 3 """Could not save IKE SA IKE information within a security
WIOS_SECURITYMGR `%s association could not be saved.
636. DAEMON-3-ERR: 3 """Could not remove IKE SA IKE information within a security
WIOS_SECURITYMGR `%s association could not be removed.
638. DAEMON-3-ERR: 3 " ""Could not read IKE SA An IKE security association could not
WIOS_SECURITYMGR `%s'” be read.
639. DAEMON-3-ERR: 3 """Could not import IKE SA An IKE security association could not
WIOS_SECURITYMGR `%s be imported.
640. DAEMON-3-ERR: 3 """Could not allocate IKE SA An IKE security association could not
WIOS_SECURITYMGR `%s be allocated.
641. DAEMON-3-ERR: 3 """Rule commit failed User access rule could not be
WIOS_SECURITYMGR established. The rule could not be
permitted.
649. DAEMON-6-INFO: 6 %s: Can't serve connection; Existing space does not permit
WIOS_SECURITYMGR reason: no space. updates to configuration. Space must
be freed to make requested update.
655. DAEMON-2-CRIT: 2 "service %s: insufficient Existing memory space does not
WIOS_SECURITYMGR memory available, "" permit updates to configuration.
""unable to apply new Memory space must be freed to make
configuration requested update.
656. DAEMON-2-CRIT: 2 "service %s: internal error, This error message occurs when
WIOS_SECURITYMGR could not "" ""unmarshal security manager encounters a failure
configuration! while unmarshalling a configuration
for application gateways.
658. DAEMON-4-WARNING: 4 """No IKE logging enabled. Login not enabled for IKE negotiation.
WIOS_SECURITYMGR The system has not ""
""been compiled with `--
enable-debug'.
This chapter describes the known troubleshooting techniques for the following data protection activities:
• Switch Password Recovery
• RADIUS Authentication
• Rogue AP detection
• Firewall configuration
3-2 WS5100 Series Switch Troubleshooting Guide
CAUTION Using this recovery procedure erases the switch’s current configuration and
! data files from the switch /flash dir. Only the switch’s license keys are retained.
You should be able to log in using the default username and password (admin/
superuser) and restore the switch’s previous configuration (only if it has been
exported to a secure location before the password recovery procedure was
invoked).
1. Connect a terminal (or PC running terminal emulation software) to the serial port on the front of the
switch.
The switch login screen displays. Use the following CLI command for normal login process:
WS5100 login: cli
Username: restore
Password: restoreDefaultPasword
WARNING: This will wipe out the configuration (except license key) and user
data under "flash:/" and reboot the device
4. Just enabling detectorscan will not send any detectorscan request to any adopted AP. User should also
configure at least a single radio as a detectorAP. This can be done using the set detectorap command in
rogueap context.
5. Associate WLAN and Network Policy to the active Access Port Policy.
Any request matching the configured criteria should take the action configured in the Classification
Element.
Network Events and Kern Messages
This chapter includes two network event tables to provide detailed information and understanding of
potential network events. These tables are:
• Table 4.1, Network Event Message/Parameter Description Lookup
• Table 4.2, Network Event Course of Action Lookup on page 4-6
Table 4.1 Network Event Message/Parameter Description Lookup
2 Packet discard Discarded Packet: Wrong NIC <XX> <XX> vs XX = Ethernet port that received the
[wrong NIC] <YY> from access port ZZ. packet = 1 or 2
YY = Ethernet Port that the access port
was adopted from = 1 or 2
ZZ = MAC (xx:xx:xx:xx:xx:xx) address of
the Access Port
3 Packet discard Discarded Packet: Wrong VLAN <XX> <XX> XX = VLAN that received the packet (an
[wrong VLAN] vs <YY> from access port <ZZ>. integer).
YY = VLAN the access port was adopted
from (an integer).
ZZ = MAC (xx:xx:xx:xx:xx:xx) address of
the access port.
4 AP adopt failure Adoption <XX> failed. The MAC address XX = MAC (xx:xx:xx:xx:xx:xx) address of
[general] has been used by an existing access port. the radio or access port.
5 AP adopt failure Access port policy prevented port with MAC XX = MAC (xx:xx:xx:xx:xx:xx) address of
[policy disallow] <XX> from being adopted. the access port.
6 AP adopt failure This event and message is currently not Not applicable.
[acl disallow] configured. It will be configured in the next
service release.
4-2 WS5100 Series Switch Troubleshooting Guide
8 AP adopt failure License denied access port <XX> adoption. XX = MAC (xx:xx:xx:xx:xx:xx) address of
[license disallow] Maximum access ports allowed with the access port.
current license = <YY>. YY = License Level (integer).
9 AP adopt failure Access port with MAC <XX> can not be XX = MAC (xx:xx:xx:xx:xx:xx) address of
[no image] adopted because no valid firmware image the access port.
file can be found.
10 AP status [offline] Access port <XX> with MAC address <YY> XX = Name (string) of the access port.
is unavailable. <YY> = MAC (xx:xx:xx:xx:xx:xx) address of
the access port.
Taking access port <XX> with MAC address XX = Name (string) of the access port.
<YY> offline. <YY> = MAC (xx:xx:xx:xx:xx:xx) address of
the access port.
11 AP status [alert] Access port <XX> with MAC address <YY> XX = Access port name (string).
is in Alert status due to country not set. YY = Access port MAC (xx:xx:xx:xx:xx:xx)
address.
Access port <XX> with MAC address <YY> XX = Access port name (string)
is in Alert status. <YY> = Access port MAC
(xx:xx:xx:xx:xx:xx) address.
Radio <XX> with Mac <YY> is adopted. XX = Access port name (string).
YY = MAC (xx:xx:xx:xx:xx:xx) address of
the access port.
13 AP status [reset] Radio <XX> with MAC <YY> was reset. XX = Name (string) of the radio.
YY = MAC (xx:xx:xx:xx:xx:xx) address of
the radio.
14 AP config failed Radio <XX> <YY> no ESS - configuration XX = Name (string) of the radio.
[wrong ESS] FAIL. YY = MAC (xx:xx:xx:xx:xx:xx) address of
the radio.
15 AP max MU count MUs for this RF port are over margin: <XX>. XX (integer ) = Number of MUs associated
reached to this access port.
18 Device msg Dropping Loadme message from <XX> XX = MAC (xx:xx:xx:xx:xx:xx) address of
dropped [loadme] whose parent is <YY>. the access port.
YY = MAC (xx:xx:xx:xx:xx:xx) address of
the switch to which the access port is
adopted.
22 MU assoc failed Access port refused MU <XX> association. XX = Wireless client MAC
Error <YY>. (xx:xx:xx:xx:xx:xx) address.
<YY> = Reason code number (integer).
23 MU status Mobile Unit <XX> was associated to access XX = MAC (xx:xx:xx:xx:xx:xx) address of
[associated] port <YY>. the MU.
YY = Name (string) of the access port.
24 MU status Mobile Unit <XX> with MAC <YY> roamed XX = Name (string) of the MU.
[roamed] from access port <ZZ> to (Name of the YY = MAC (xx:xx:xx:xx:xx:xx) address of
access port to which the Mobile Unit the MU.
roamed).
ZZ = Name (string) of the access port the
MU roamed from.
25 MU status Mobile Unit <XX> with MAC address <YY> XX = Name (string) of the mobile unit.
[disassociated] was disassociated. Reason code <ZZ>. YY = MAC (xx:xx:xx:xx:xx:xx) address of
the mobile unit.
ZZ = Reason (integer) code number.
29 MU Kerberos auth MUs failed authentication via Kerberos. [MAC address of MU]
success [Error code <code>] [Radius error code]
Mobile Unit with MAC [MAC address of MU]
<MU_MAC_address> successfully
[# minutes authentication is valid for].
authenticated via Kerberos - authentication
expires in <#> minutes.
30 MU TKIP [decrypt MU <MU_MAC_address> has high decrypt [MAC address of MU (in 6 octets)]
failure] failure rate.
31 MU TKIP [replay MU <MU_MAC_address> has high replay [MAC address of MU (in 6 octets)]
failure] failure rate.
32 MU TKIP [MIC MIC validation failed for MU %s on ESS [MAC address of MU]
error] <ID>. [ESSID with which MU is associated]
34 WLAN auth failed WLAN <WLAN name> (ESS <ID>) could not [WLAN name]
be authenticated with KDC at <KDC MAC [ESSID]
address> <port> after <#> attempts - still
[MAC xx:xx:xx:xx:xx of KDC server]
trying...
[port on KDC server]
[number of attempts]
36 Mgt user auth GUI/CLI User userid Authentication Failure: userid = string
failed [radius] User userid rejected by Radius server RADIUS server hostname/IP address =
RADIUS server hostname/IP address. string
53 Emergency Policy Emergency Switch Policy Emergency Switch Emergency Switch Policy = string
[active] Policy is activated.
54 Emergency Policy Emergency Switch Policy Emergency Switch Emergency Switch Policy = string
[deactivated] Policy is deactivated. [previous de-activated policy name]
"Emergency Switch Policy %s is
deactivated."
55 Low flash space on Found disk=”<percent disk spaced used>” percent disk spaced used = decimal
switch-alert USED disk-space - VACUUMing Database in (xx.xx)
5 secs to free-up space
4-6 WS5100 Series Switch Troubleshooting Guide
Table 4.2 provides a list of the same events shown in Table 4.1 , but with additional information and
suggestive actions to resolve or understand an event.
Table 4.2 Network Event Course of Action Lookup
1 Clock change The date/time setting was changed on the This event can only occur by
switch changing the date/time.
Network Events and Kern Messages 4-7
3 Packet discard If an Ethernet port is configured for 802.1q The access port may have been
[wrong VLAN] trunking when an access port is adopted, the removed and reconnected to another
switch remembers which VLAN the access port part of the network that is connected
was adopted from. The switch will only accept to the other Ethernet port of the
data from that access port through the VLAN switch. Or, the access port’s logical
which it was adopted from. If the switch receives connection to the network has
data from that access port on another VLAN, it changed, causing it to be connected
will be discarded. to the other Ethernet port of the
switch. If intentional, the access port
must be removed from the switch
and readopted through the new
Ethernet port. If unintentional,
reconnect the access port to the
Ethernet port that it was adopted
through.
4 AP adopt failure An access port’s request to be adopted has been Confirm that there are actually two
[general] rejected because there is already another access access ports with the same MAC
port with the same MAC address currently active address and contact Motorola
on the switch. Customer Support.
5 AP adopt failure An access port’s request to be adopted has been If the switch is to adopt the access
[policy disallow] rejected because the Switch is configured to port, either manually adopt it by
deny adoption of access ports. including it in the “include list” of the
adoption list or by configuring the
Switch to “allow adoption” of access
ports.
6 AP adopt failure The access port’s request for adoption was If the switch is to adopt the access
[acl disallow] rejected because the access port is in the port, remove the access port from the
exclude list of the adoption list. “exclude list” of the adoption list.
7 AP adopt failure Switch ran out of licenses or, albeit unlikely, the There are more AP devices than there
[limit exceeded] switch ran out of memory to create a radio- are licenses. Either remove the extra
object. APs or purchase more licenses.
4-8 WS5100 Series Switch Troubleshooting Guide
9 AP adopt failure It seems that the switch does not have a valid AP From your Web UI, go to “System
[no image] image firmware file to download onto the AP. Settings > Firmware Management >
Available Images…” and make sure
there is an image for AP’s model.
10 AP status [offline] • This access port has been unavailable for a Unavailable means that the switch
long time. has not been able to communicate
• The status of this access port has changed to with this access port for more than
Unavailable. 10 seconds.
11 AP status [alert] The status of the access port has changed to • The country code for the Switch
Alert. has to be set to something other
than “None” (default) before an
access port can be adopted. Until
then, all access ports will be at
“Alert” status.
• The access port needs attention.
Look for other Event Notification
messages for details.
12 AP status The status of the access port has changed to
[adopted] Alert.
14 AP config failed There are no in-use WLANs configured on this This access port will have an Alert
[wrong ESS] switch. status until it is configured with an
Access Port Policy with a valid
WLAN. If the WLAN is using
Kerberos security, check that the
WLAN is authenticated by the KDC.
15 AP max MU count An access port has reached the maximum limit of When the limit has been reached, the
reached 128 MUs which can associate to a single access access port will not allow any
port. additional MUs to associate.
17 Device msg A DEVICEINFO message is received from an AP There may be multiple Primary and
dropped [info] (with the AP configuration), but the AP claims to Active WS5100s on the same
have another switch as parent. physical subnet. Either remove the
extra switches or configure them for
“Hot Standby” operation.
18 Device msg A LOADME request is received from an AP (a There may be multiple Primary and
dropped [loadme] WSAP-50xx), but the AP claims to have another Active WS5100s on the same
switch as parent. physical subnet. Either remove the
extra switches or configure them for
“Hot Standby” operation.
Network Events and Kern Messages 4-9
20 Ether port A previously connected Ethernet port was If you see excessive amounts of this
disconnected disconnected. message you may have a cable or
switch hardware problem.
21 MU assoc failed This MU was rejected as it requested to If this is not intentional check your
[ACL violation] associate to the WLAN with an Access Control Access Control List and make sure
List. this MAC address is not rejected by
policy.
22 MU assoc failed This message cannot be due to REASON CODE Either incorrect security policy is
80211 STATION LIMIT EXCEEDED applied or policy is configured
incorrectly.
24 MU status A MU roamed from to another access port. Refer to reason codes table for an
[roamed] explanation.
26 MU EAP auth A MU EAP authentication request failed. Invalid username or password. Login
failed again.
30 MU TKIP [decrypt The switch has encountered high levels of This could be suspicious. If this is a
failure] sequential decrypt failures with this MU. known MU, it should be re-
associated.
33 WLAN auth
success
41 KDC user
[changed]
43 KDC DB replaced
46 Primary lost The Primary switch in Standby mode did not If this event occurs but failover does
heartbeat receive monitoring heartbeats from the Standby not occur, then there is possible
switch. congestion on the network causing
the heartbeats to be lost. Also, look
for other events prior to the lost
heartbeats that might indicate a
problem, such as Ethernet port
disconnected.
47 Standby active The Standby switch has changed its state from A failover has occurred.
Monitoring to Active.
48 Primary internal
failure [reset]
49 Standby internal
failure [reset]
Network Events and Kern Messages 4-11
55 Low flash space on The used disk space exceeds 80%. This will be Remove any unused policies, ACLs,
switch-alert reported approximately every five hours. user names, files, etc.
ccdev.c PKT_INFO( ""mu ""MACSTR"" w/ aid %d added A mobile unit with the given mac address has
to prtl ""MACSTR,); been added to radio <mac>.
ccdev.c PKT_ERR( ""ccdev : %s bad cmd->index %d"", Another program module tried to set a
__FUNCTION__, cmd->index ); command on a non-existing ethernet port. This
is to guard against programming errors. This
should not happen in the field.
ccdev.c PKT_ERR( ""ccdev : %s no vlan cfg for idx %d"", Another program module tried to set a
__FUNCTION__, cmd->index ); command on non-existing vlan devices. This is
to guard against programming errors. This
should not happen in the field.
ccdev.c PKT_ERR( ""ccdev : %s bad cmd id : %d"", Another program module tried to set a
__FUNCTION__, cmd->id ); command for a vlan device, but the command is
not known to the packet driver. This is to guard
against programming errors. This should not
happen in the field.
ccdev.c PKT_ERR( ""%s : bad ioctl_num %d"", Another program module sent a general
__FUNCTION__, ioctl_num ); command that is not known to the packet driver
This is to guard against programming errors.
This should not happen in the field.
ccdev.c PKT_ERR( ""ccdev : CC server not up"" ); The packet driver received a packet that is
destined to cell controller server, and has
detected that cell controller server is not up and
running. This can happen if cell controller server
has crashed.
ccdev.c PKT_WARN( ""Queue to user space full, packet The queue from packet driver to the cell
throttled=%d"", rd_list_dropped ); controller server is full and additional packets
destined for the cell controller are being
receieve. The queue limit is 1000 packets for
the WS5100 switch. This can happen if cell
controller process has died and the packet
driver did not detected this. As a result, the
system is flooded with packets that require
processing by the cell controller.
crypt.c PKT_WARN( ""crypt: enabling countermeasures A condition has triggered counter measures on
on wlan %d"", wlan_idx ); the specified WLAN.
crypt.c PKT_INFO( ""crypt: disabling countermeasures A condition has been satified to disable counter
on wlan %d"", wlan_idx ); measures on the specified WLAN.
crypt.c PKT_INFO( ""WEP Decrypt Failed Decryption failed for the specified mobile MAC
""MACSTR""\n"", MAC2STR( mu->cfg.addr ) ); address.
Network Events and Kern Messages 4-13
crypt.c PKT_INFO( ""TKIP Replay check fail ""MACSTR"" TKIP: Replay check failed for the specified MAC
got: %x %x expecting:%x %x\n"",); address.
crypt.c PKT_WARN( ""tkip: station replay counters out TKIP: Station replay counters are out of sync.
of sync for ""MACSTR"". deauthing\n"",
MAC2STR( mu->cfg.addr ) );
crypt.c PKT_INFO( ""aes replay check failed AES: Replay check failed for the specified mac
""MACSTR"" got: %x%x expected:%x%x\n"",); address.
crypt.c PKT_WARN( ""aes: station replay counters out AES: Station replay counters are out of sync.
of sync for ""MACSTR"". deauthing\n"",
MAC2STR( mu->cfg.addr ) );
crypt.c PKT_INFO( ""qos admission control verification A mobile station has sent more packets then
failed\n""); allowed.
crypt.c PKT_INFO( ""rx encrypted frame from Received an encrypted frame on an unencrypted
""MACSTR"" when policy is no encryption.\n"",); WLAN.
crypt.c PKT_INFO( ""dropping clear frame from Received a unencrypted frame on an encrypted
""MACSTR"". policy requires encryption.\n"",); WLAN.
crypt.c PKT_INFO( ""EWEP bit in WEP hdr = 1, Expected Extended WEP mask is set on a WEP encrypted
0 ""MACSTR""\n"",); WLAN.
crypt.c PKT_INFO( ""EWEP bit in WEP hdr = 0, Expected Extended WEP mask is not set on Keyguard,
1 ""MACSTR""\n"",); TKIP or CCMP encrypted WLANs.
crypt.c PKT_INFO( ""qos admission control verification The intended receiving station has exceed its
failed\n"" ); bandwidth use allocated by QOS.
crypt.c PKT_ERR( ""unknown %s encryption type %d"",); The WLAN has an encryption type that is
unknown to the packet driver. This is to guard
against programming errors from other
modules.
dhcp.c PKT_WARN( ""%s : wrong IP version %u"", Received a non IP-v4 packet
__FUNCTION__, skb->nh.iph->version );
dhcp.c PKT_ERR( ""%s : bad cookie %x"", Recevied a DHCP packet with an unknown
__FUNCTION__, ntohl( *( (U32*)posn ) ) ); cookie.
4-14 WS5100 Series Switch Troubleshooting Guide
driver.c PKT_INFO( ""rx from Linux"" ); The packet driver received a packet from Linux.
This is for debugging purposes only.
driver.c PKT_ERR( ""Error initializing virtual device"" ); The packet driver has failed to initialize its own
working virtual device.
flowctl.c PKT_WARN( ""flowctl: bad tx_res, retries=%d, An unexpected or impossible transmit result
rate=%d"", retries, rate ); from a WISP packet.
flowctl.c PKT_INFO( ""flowctl: no stats update for The tranmittted packet corresponding to this
dropped seq %x"",); WISP sequance can not be updated.
flowctl.c PKT_WARN( ""fc:mu removed before fc ack on An ACK for WISP packet has arrived, but the
prtl ""MACSTR,); corresponding receiving station has been
deleted from system.
flowctl.c PKT_INFO( ""fc:dropped %d consec pkts to More than 5 packets in a row to the same
""MACSTR,); station have failed.
flowctl.c PKT_INFO( ""fc:mu [""MACSTR""] in psp, Received a transmit result for a Mobile Unit in
dropped packet %d"",); PSP mode.
flowctl.c PKT_ERR( MACSTR"" prtl window wrap Detected a wrap around in the WISP flow
curr=%u, new=%u"",); control window. Note: It is expected to see the
wrap around from 65535 to zero. This is not an
error condition it is caused by a programming
error.
flowctl.c PKT_INFO( MACSTR"" fc window wrap curr=%u, Detected a wrap around in the WISP flow
new=%u"",); control window. Note: It is expected to see the
wrap around from 65535 to zero. This is not an
error condition it is caused by a programming
error.
flowctl.c PKT_ERR( MACSTR"" wisp seq %u != fc seq=%u WISP sequence with a radio has become out of
setting to %u"",); sync. Resync to the new number.
flowctl.c PKT_INFO( ""fc allocs:q full"" ); Number of pending packets in the switch has
exceed the limit. The limit is 10,000 for WS5100
switch.
flowctl.c PKT_INFO( ""fc:allocs back down to %u"", The number of pending packets has fallen back
curr_fc_allocs ); below the limit.
Network Events and Kern Messages 4-15
flowctl.c PKT_INFO( ""fc freed ack q pkt seq %d, tx time A packet pending ACK has been there for too
%u, now %u"",); long (beyond 7 seconds ) and forcefully removed
it..
flowctl.c PKT_INFO( ""fc q extract:seq %d not found in %d Received a flow control message that does not
entries"", seq, count ); have a corresponding packet pending in the
ACK queue.
flowctl.c PKT_INFO( MACSTR"" fc send failure"", A packet has failed to send due to flow control
MAC2STR( prtl_ptr->cfg.addr ) ); limitation.
flowctl.c PKT_ERR( MACSTR"" fc ack timeout:curr A radio ( Access Port) with the specified MAC
%u,acktime=%u"",); address has not sent flow control packets for 5
seconds.
flowctl.c PKT_ERR( MACSTR"" fc no prtl traffic in last %d Heart beats for the radio with specified mac
secs"",); address have not occured within last 5 seconds.
flowctl.c PKT_ERR( ""flowctl : bad tx_ctl %x"", tx_ctl ); The flow control field in WISP packets is not
properly formulated.
flowctl.c PKT_ERR( MACSTR"" std queue: can't tx, fc Sending to a radio has been temporarily
blocked"",); blocked. The current packet will be dropped.
flowctl.c PKT_INFO( ""flowctl Q-Full wlan %d, ac %d The Queue for given wlan and ac is full now.
(%d/%d)"", wlan_idx, ac_idx,);
flowctl.c PKT_INFO( MACSTR"" std queue:alloc failed, Failed to get a new queue element.
curr %d"",);
flowctl.c PKT_INFO( MACSTR"" std q:failed"", MAC2STR( Failed to send a packet due to the above
prtl_ptr->cfg.addr ) ); reasons.
flowctl.c PKT_ERR( MACSTR"" can't tx, fc mgmt A WISP management packet has been dropped
blocked"", MAC2STR( prtl_ptr->cfg.addr ) ); due to that radio being blocked.
flowctl.c PKT_INFO( MACSTR"" fc mgmt q:alloc failed"", An attempt to send a managment packet has
MAC2STR( prtl_ptr->cfg.addr ) ); failed due to a failure to aquire a queue
element.
flowctl.c PKT_INFO( MACSTR"" fc mgmt q:failed"", Attempt to send a managment packet has
MAC2STR( prtl_ptr->cfg.addr ) ); failed.
flowctl.c PKT_WARN( ""mismatch(roam?): The wireless header and the WISP header have
dest=""MACSTR"", its seq=%d, mismatched radio mac addresses.
prtl=""MACSTR"", its seq=%d"",);
flowctl.c PKT_INFO( ""fc can't send"" ); A WISP data packet has failed to send.
flowctl.c PKT_WARN( ""std: pkt sent %d not in ack An attempt has been made to remove a failed
queue"", q_elem->seq ); packet from the ACK queue, but the packet is
not there.
4-16 WS5100 Series Switch Troubleshooting Guide
flowctl.c PKT_WARN( ""mgmt fc: send failed seq %d not An attempt has been made to remove a failed
in ack queue"", q_elem->seq ); packet from the ACK queue, but the packet is
not there.
flowctl.c PKT_INFO( MACSTR"" fc free queues"", Remove the FC queue for the radio with the
MAC2STR( prtl_ptr->cfg.addr ) ); specified MAC address when deleting the
radio.
flowctl.c PKT_ERR( ""Unknown fc_type = %d on Detected an unkown WISP flow control type.
""MACSTR,);
flowctl.c PKT_ERR( ""flowctl: num_pkts_on_portal = 0, An attempt has been made to decrement the
ac_idx = %d can't dec"",); packet counter when it is already at zero.
flowctl.c PKT_ERR( ""%d not found in ack queue for The given WISP sequence is not in the ACK
""MACSTR, seq,); queue.
flowctl.c PKT_INFO( MACSTR"" fc window wrap around Flow control window wrap around occured.
curr = %d, new = %d"",);
flowctl.c PKT_WARN( MACSTR"" ack q is null for Tried to update WISP with ACK sequence, but
seq:0x%08x"",); the ACK queue is empty.
flowctl.c PKT_ERR( ""Invalid Wisp cmd id: 0x%04X"", cmd Invalid WISP commad ID.
);
flowctl.c PKT_ERR( ""psp update tim: alloc skb failed"" ); Tried to send a WISP update TIM, but failed to
get a new buffer.
hotspot.c PKT_ERR( ""Hotspot: Netdevice does not exists The intended receive device does not exist.
for interface Vlan %d"", vlan_id );
hotspot.c PKT_ERR( ""Hotspot: Device is null"" ); The intended receive device does not exist.
pal.c PKT_WARN( ""%s : wrong IP version %u"", When trying to update the MU's IP information,
__FUNCTION__, skb->nh.iph->version ); found out that the version is not IP-v4.
pal.c PKT_INFO( ""%s : wrong arp prot %x"", Recieved ARP with a non-IP protocol.
__FUNCTION__, arp_hdr->prot );
Network Events and Kern Messages 4-17
pal.c PKT_WARN( ""%s : de-auth ""MACSTR"" tx'ing Tried to send a packet for a MU through a radio
on wrong radio:""MACSTR"" should be that it is not currently associated. Sending de-
on""MACSTR,); auth to forces it out.
pal.c PKT_ERR( ""%s: invalid data sub type %X"", Detected an invalid 802.11 sub type in packet.
__FUNCTION__, sub_type );
pal.c PKT_ERR( ""%s : 802.11 data pkt too small (%d Received a runt 802.11 packet.
bytes)"", __FUNCTION__, skb->len );
pal.c PKT_ERR( ""%s: unknown frame type %x"", Received unkown 802.11 frame type.
__FUNCTION__, ctl &
MASK_CTL_FRAME_TYPE );
pal.c PKT_INFO( ""proxy arp resp was sent"" ); A proxy ARP response was sent.
pal.c PKT_ERR( ""%s : new_skb allocation failed"", Failed to get a buffer from the OS.
__FUNCTION__ );
pal.c PKT_ERR("" vlan id %d out of range"", vlan_tag ); Received a packet with an out of range VLAN id.
pal.c PKT_ERR( ""Multicast Flooding Detected, Detected that the swich is making too many
limiting the segments in broadcast domain to copies of a multicast packet that uses too much
%d"", copy_limit ); system bandwidth. The switch limits the overall
MC bandwith per VLAN as if the multicast-
packet-limit is 32 or less. The overall MC
bandwith is 3200 packets, and the number of
copies for a given multicast packet is 3200/
multi-cast-packet-limit, when multicast-
packet-limit =32, the number of copies 3200/32
= 100 copies. If the multicast-packet-limit is 33
or above, the overall MC bandwith is 2500
packets, and the number of copies for a given
multicast packet is 3200/limit. When multicast-
packet-limit is 128, e.g., the number of copies is
2500/128 = 19 copies.
pal.c PKT_INFO( ""Non-IP pkt, no DSCP bits. Default The packet is not an IP packet. Default DSCP
DSCP to 0x08"" ); value.
pal.c PKT_INFO(""Failed to get new skb, skip""); Failed to get a packet buffer from OS.
pal.c PKT_INFO( ""from switch. Sending to wire"" ); Switching a packet from the switch to the
Ethernet wire.
pal.c PKT_INFO( ""dropping pkt src:""MACSTR"" Failed to determine the destination for a packet.
dst:""MACSTR,);
pal.c PKT_INFO( ""proxy arp resp was sent"" ); Proxy ARP response was sent.
pal.c PKT_INFO( ""dropping wisp packets to another Drop an unicast WISP packet not destined for
switch ""MACSTR,); the switch.
pal.c PKT_INFO( ""dropping L2 wisp packets in wrong Received L2 WISP packet with the wrong
direction, cmd=0x%04x"", cmd ); direction bit.
pal.c PKT_WARN( ""pal: Send_2_CC call failed for a Packet driver tried to send a de-auth packet to
deauth-req\n""); CC for it to process, but it failed.
pal.c PKT_WARN( ""pal: Send_2_CC call failed for Packet driver tried to send a mu-remove-req to
mu-remove-req\n""); CC, but it failed.
proxyarp.c PKT_INFO( ""wrong arp prot %x"", arp_hdr->prot ARP protocol type is not IP protocol.
);
proxyarp.c PKT_ERR( ""%s: skb alloc failed"", Failed to get a packet buffer from the OS when
__FUNCTION__ ); trying to send a proxy ARP response.
proxyarp.c PKT_INFO( ""arp resp: smac=""MACSTR "", Sending a proxy ARP response now.
sip=%u.%u.%u.%u dmac=""MACSTR "",
dip=%u.%u.%u.%u\n"",);
ps_capwap.c PKT_INFO( ""warning: rx data from unknown Received a data packet from an unknown portal.
portal"" ); This could happen if the radio starts to forward
traffic before it is adopted by the switch.
ps_capwap.c PKT_INFO(""Rx inactive mu stats for unknown/ Received a MU stats update for an inactive
inactive mu: "" MACSTR,); station.
ps_capwap.c PKT_WARN(""Unreal dt( tx_pkt ) @ rate %d: The delta on transmitted packets from radio
0x%08lx - 0x%08lx = 0x%08lx\n"",); stats is unrealistically big.
Network Events and Kern Messages 4-19
ps_caspwap.c PKT_WARN(""Unreal delta tx-fail: 0x%08lx - The delta on transmission failure from radio
0x%08lx = 0x%08lx\n"",); stats is unrealistically big.
ps_capwap.c PKT_WARN(""capwap skb length underrun: The actual packet length is smaller than what
received %d, expected %d\n"", skb->len, dlen ); the capwap header indicates.
ps_capwap.c PKT_ERR( ""%s : CC sending data pack to CC server is sending a data packet to a station
unknown MU"", __FUNCTION__ ); that the packet driver does not know about.
ps_common.c PKT_INFO( ""no tail room to fix for runt packet"" Tried to fix a runt Ethernet packet, but there is
); no room to do that.
ps_common.c PKT_ERR( ""pshandle:failed to allocate roam Failed to get packet buffer from the OS.
skbuf"" );
ps_common.c PKT_INFO( ""pshandle:mu ""MACSTR"" Detected that the given MAC address has
roamed"", MAC2STR ( addr ) ); roamed.
psp.c PKT_ERR( ""psp update tim: alloc skb failed"" ); Failed to get the packet buffer to update TIM.
psp.c PKT_INFO( ""psp store: max len (%d) reached. Max number of PSP packets reached.
Use of a lower DTIM value recommended"",
max_qlen );
psp.c PKT_ERR( ""psp store: out of memory"" ); Failed to get memory from the OS.
psp.c PKT_WARN( ""psp:dropped %d bytes unicast to Dropped number of bytes to a given station.
""MACSTR, skb->len,);
psp.c PKT_WARN( ""psp:deauthing ""MACSTR"" due De-auth of a station due to excessive failures.
to max-tx-fails"", MAC2STR( mu_ptr->cfg.addr )
);
psp.c PKT_INFO( ""prtl ""MACSTR"" bss %d psp queue Radio with a given MAC address, its PSP queue
full with %d pkts"",); is full.
psp.c PKT_ERR( ""dtim poll: recvd bad bss index"" ); Received a DTIM poll with bad BSS index.
psp.c PKT_WARN( ""pspoll: psp bit not set"" ); Received a PSP poll from the MU, but the PSP
bit is not set.
psp.c PKT_INFO( ""psp:mu ""MACSTR"" A station with the given MAC address is in the
authenticating"", MAC2STR( mu_ptr->cfg.addr ) process of authentication.
);
ps_wisp.c PKT_WARN( ""radio ""MACSTR"" lost first frag Missed WISP packet for given sequence range.
of seq %04x till %04x"",);
ps_wisp.c PKT_WARN( ""radio ""MACSTR"" lost seq %u to Missed WISP packet for given sequence range.
%u"",);
ps_wisp.c PKT_WARN( ""warning: unable to queue skb"" ); Failed to switch a packet from a radio to the CC.
ps_wisp.c PKT_INFO( ""warning: rx wisp data from Received a WISP data packet from an unknown
unknown portal"" ); portal.
ps_wisp.c PKT_INFO( ""ps_rx_from_cc: no portal to queue Received a packet from the CC, but there is no
to"" ); radio to send to.
ps_wisp.c PKT_ERR( ""%s : CC sending data pack to Received a packet from the CC, but the intended
unknown MU"", __FUNCTION__ ); MU is unknown.
ps_wisp.c PKT_INFO( ""ps_rx_from_cc: packet failed Failed to encrypt a packet from the CC.
encryption"" );
ratescale.c PKT_ERR( ""%s : curr = %d allowed = %x"", Tried to get to a lower or higher rate beyond the
__FUNCTION__,); allowed rate for a MU.
ratescale.c PKT_ERR( ""ratescale : no highest rate = %x"", It is already in the highest rate setting.
allowed_rates );
ratescale.c PKT_INFO( MACSTR"" rate[%s to %s], [%d/%d], Ratescale is a switch from old rate to new rate.
pct:%d"",);
reassembly.c PKT_ERR( ""fragment too big to copy:%d Reassembed packets does not fit into a single
bytes"", skb->len ); packet buffer.
reassembly.c PKT_ERR( ""reassy:unknown cmd type"" ); Unknown WISP fragment type or command.
reassembly.c PKT_ERR( ""error:fragment too big to copy:%d Reassembed packets does not fit into the single
bytes"", copy_len ); packet buffer.
reassembly.c PKT_ERR( ""PS_Frag_Send unable to alloc skb"" Failed to get packet buffer from the OS.
);
reassembly.c PKT_ERR( ""PS_BCMC_Frag_Send unable to Failed to get packet buffer to send BC packets.
alloc skb"" );
rssi.c PKT_ERR( ""rssi : bad vals ap = %d, rd = %d, rssi Trying to convert RSSI to DBM for an unknown
= %d"", ap, rd, rssi ); combination of ap, radio and rssi.
vdev.c PKT_ERR( ""null device passed to get stats Attempted to get stats for an unknown VLAN.
routine"" );
LED Information
5.1.1 Start Up
Power On Self Test (POST) running All colors in rotation All colors in rotation
5.1.2 Primary
5.1.3 Standby
The WS510 ships with a factory installed firmware image with full feature functionality. However, Motorola
periodically releases switch firmware that includes enhancements or resolutions to known issues. Verify
your current switch firmware version with the latest version available from the Motorola Web site before
determining if your system requires an upgrade.
Additionally, legacy users running either the 1.4.x or 2.x version switch firmware may want to upgrade to the
new 3.x baseline to take complete advantage of the new diverse feature set available to them. This chapter
describes the method to upgrade from either the 1.4.x or 2.x baseline to the new 3.x baseline.
CAUTION: Motorola recommends caution when upgrading your WS5100 switch image to
! the 3.x baseline as portions of your configuration will be lost and unrecoverable. Ensure
that you have exported your switch configuration to a secure location before upgrading
your switch. The upgrade.log file will contain a list of the issues found in the conversion
of the configuration file to the new format.
CAUTION: If using a 1.4.x or 2.x admin user password shorter than 8 characters (such as
! the default motorola password), the password will be converted to the 3.x baseline admin
password of “password” upon a successful update to the 3.x baseline. Ensure your
existing 1.4.x or 2.x admin password is longer than 8 characters before updating, or leave
as is and use “superuser” to login into an updated 3.x baseline.
CAUTION: After upgrading the switch baseline from 1.4.x or 2.x to the 3.x baseline,
! applet caching can produce unpredictable results and contents. After the upgrade, ensure
your browser is restarted. Otherwise, the credibility of the upgrade can come into
question.
6.1 Upgrading the Switch Image from 1.4.x or 2.x to Version 3.x
To upgrade a switch running either a 1.4.x or 2.x version to the latest 3.x version switch firmware:
1. Execute the PreUpgradeScript utility (or use the CLI) to ensure there is enough space on your system to
perform the upgrade. The PreUpgradeScript utility should be in the same directory as the upgrade files.
6-2 WS5100 Series Switch Troubleshooting Guide
2. Install the Cfgupgrade1.0-setup utility on a Windows desktop system by double clicking the
Cfgupgrade 1.0-setup file.
Follow the prompts displayed by the installer to install Cfgupgrade 1.0-setup.
A WS5100 Configuration Upgrade icon gets created within the Program Files folder. The icon can be
optionally created on your Windows desktop as well.
3. From the WS5100 running either 1.4.x or 2.x, create a configuration and save it on the switch.
WS5100# save <file name> <.cfg>
This is the configuration that will be upgraded to the new 3.x baseline.
NOTE If upgrading a 1.4.x version WS5100 to the new 3.x baseline, be sure you are
using the <WS5100-3.0.2.0-XX.v1> image file. If upgrading a 2.x
version WS5100 to the new 3.x baseline, be sure you are using the
<WS5100-3.0.2.0-XX.v2> image file.
9. On WS5100 running the legacy switch firmware, type:
WS5100#service
WS5100#password "password"
exec
Upon reboot, the switch runs the 3.x image using startup-config as the running configuration.
10.Repeat the instructions above for additional switch upgrades, ensuring
<WS5100-3.0.2.0-XX.v1> is used for 1.4.x version upgrades, and
<WS5100-3.0.2.0-XX.v2> is used for 2.x version upgrades.
6.2 Downgrading the Switch Image from Version 3.x to 1.4.x or 2.x
If for some reason you want to downgrade your WS5100 back down to a 1.4.x or 2.x version firmware image,
use one of the two following image files:
• WS5100-1.4.3.0-012R.img
• WS5100-2.1.0.0-029R.img
Troubleshooting SNMP Issues
The following SNMP-releated issues could require troubleshooting as issues are experienced with the
WS5100 switch.
MIB Browser not able to contact the agent.
General error messages on the MIB Browser: Timeout, No Response.
The client IP where the MIB browser is present should be made known to the agent. Adding SNMP clients
through CLI or Applet can do this. This can be verified by looking at /butterfly/snmp/snmpd.conf. The entries
are generally present towards the end of this file.
Not able to SNMP WALK for a GET.
First check whether the MIB browser has IP connectivity to the SNMP agent on the WS5K. Use IP Ping from
the PC which has the MIB Browser.
Then check if the community string is the same at the agent side and the manager (MIB Browser) side.
Community name is case sensitive.
MIB not visible in the MIB browser.
The filename.mib file should be first compiled using a MIB compiler, which creates a smidb file. This file must
be loaded in the mib browser.
If SETs still don't happen...
Check to see if environment variables are set. The following are the env variable to be set.
SNMPCONFPATH=/butterfly/snmp
MIBDIRS=/butterfly/snmp/mibs
MIBS=ALL
Restart the SNMP agent (the snmpd daemon)
Not getting snmptraps
Check whether snmp traps are enabled through CLI or Applet. Configure MIB browser to display notifications
or traps. (This would generally be a check box in the MIB browser preferences).
Still Not Working
Double check Managers' IP Address, community string, port number, read/write permissions, and snmp
version. Remember community string IS CASE SENSITIVE.
7-2 WS5100 Series Switch Troubleshooting Guide
Appendix A Customer Support
Motorola’s Enterprise Mobility Support Center
If you have a problem with your equipment, contact Enterprise Mobility support for your region. Contact information is
available at: http://www.symbol.com/contactsupport.
When contacting Enterprise Mobility support, please provide the following information:
• Serial number of the unit
• Model number or product name
• Software type and version number
Motorola responds to calls by email, telephone or fax within the time limits set forth in support agreements. If you
purchased your Enterprise Mobility business product from a Motorola business partner, contact that business partner
for support.
Customer Support Web Site
Motorola's Support Central Web site, located at www.symbol.com/support provides information and online assistance
including developer tools, software downloads, product manuals and online repair requests.
Downloads
http://symbol.com/downloads
Manuals
http://symbol.com/manuals
General Information
Obtain additional information by contacting Motorola at:
1-800-722-6234, inside North America
+1-516-738-5200, in/outside North America
http://www.motorola.com/
A-2 WS5100 Series Switch Troubleshooting Guide
MOTOROLA INC.
1303 E. ALGONQUIN ROAD
SCHAUMBURG, IL 60196
http://www.motorola.com
72E-100959-01 Revision A
June 2007