Security

Reply
Frequent Contributor I
Posts: 271
Registered: ‎09-24-2010

Amigopod: new Guest users getting Authenication failed when enter username/password

Application logs indicate 'Maximum session limit has been reached'. Access request rejected.  I have the session limit maxed out to 1024.  How do I get new users logged in?

Frequent Contributor I
Posts: 271
Registered: ‎09-24-2010

Re: Amigopod: new Guest users getting Authenication failed when enter username/password

I cleared all active sessions and this resolved the issue.  However, can this be automatically purged without manual intervention?

Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: Amigopod: new Guest users getting Authenication failed when enter username/password

Do you have RADIUS accounting configured on your controller (or whatever device you use for access)?  If not, the sessions won't be removed when users leave the network.

Frequent Contributor I
Posts: 271
Registered: ‎09-24-2010

Re: Amigopod: new Guest users getting Authenication failed when enter username/password

this is what I have on the controller

 

 #show running-config | include radius
Building Configuration...
ip radius source-interface vlan 632
aaa authentication-server radius "amigopod"
aaa authentication-server radius "CK-Radius"
aaa authentication-server radius "MV-Radius"
radius-accounting "Amigopod"
radius-accounting "Employee_Auth_Servers"

Frequent Contributor I
Posts: 271
Registered: ‎09-24-2010

Re: Amigopod: new Guest users getting Authenication failed when enter username/password

looks like I have RADIUS Accounting pointing to the Amigopod server

Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: Amigopod: new Guest users getting Authenication failed when enter username/password

Indeed it does.  Do you have an idle timeout set?  You can check "show aaa timer" and see.

 

If so, I am not sure what is going on.

 

If not, that might be why clients are forever sticking in Amigopod.

 

Do you see a very large number of clients on the controller when doing "show user"?

Frequent Contributor I
Posts: 271
Registered: ‎09-24-2010

Re: Amigopod: new Guest users getting Authenication failed when enter username/password

# show aaa timer

User idle timeout = 300 seconds
Auth Server dead time = 10 minutes
Logon user lifetime = 5 minutes

 

I have about 8 users connected to the Guest network right now because i booted everyone off to get a new guest connected.  Is there a RADIUS Acct setting on the Amigopod server?

Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: Amigopod: new Guest users getting Authenication failed when enter username/password

RADIUS accounting should be listening by default.  I don't think there is a way to disable it.

 

Do you see about the same number of users in Amigopod and on the controller?  If you connect and disconnect from your guest network, do you see yourself come and go from Amigopod?

 

This may be something that TAC could better assist with since they can start a web meeting and see the issue first hand.

Frequent Contributor I
Posts: 271
Registered: ‎09-24-2010

Re: Amigopod: new Guest users getting Authenication failed when enter username/password

well, our environment consists of IAP acting as Virtual Controllers and we also have physical controllers.  So to compare if I see on both would be cumbersome.  I do notice a ton of active sessions on Amigopod from the same MAC address (username column) coming from 1 of the IAP.  And this IAP just happens to be leaving the cluster daily until i do a "reboot all" from the VC.

Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: Amigopod: new Guest users getting Authenication failed when enter username/password

It sounds like that IAP is doing NAT, so all guest sessions would appear to be the same MAC.  If the AP is crashing or getting rebooted, it is probably not cleaning up the sessions.  That could be the root of the problem.

Search Airheads
Showing results for 
Search instead for 
Did you mean: