05-03-2012 09:42 AM
Application logs indicate 'Maximum session limit has been reached'. Access request rejected. I have the session limit maxed out to 1024. How do I get new users logged in?
05-03-2012 09:57 AM
I cleared all active sessions and this resolved the issue. However, can this be automatically purged without manual intervention?
05-03-2012 10:00 AM
Do you have RADIUS accounting configured on your controller (or whatever device you use for access)? If not, the sessions won't be removed when users leave the network.
05-03-2012 10:13 AM
this is what I have on the controller
#show running-config | include radius
ip radius source-interface vlan 632
aaa authentication-server radius "amigopod"
aaa authentication-server radius "CK-Radius"
aaa authentication-server radius "MV-Radius"
05-03-2012 10:36 AM
Indeed it does. Do you have an idle timeout set? You can check "show aaa timer" and see.
If so, I am not sure what is going on.
If not, that might be why clients are forever sticking in Amigopod.
Do you see a very large number of clients on the controller when doing "show user"?
05-03-2012 10:42 AM
# show aaa timer
User idle timeout = 300 seconds
Auth Server dead time = 10 minutes
Logon user lifetime = 5 minutes
I have about 8 users connected to the Guest network right now because i booted everyone off to get a new guest connected. Is there a RADIUS Acct setting on the Amigopod server?
05-03-2012 11:11 AM
RADIUS accounting should be listening by default. I don't think there is a way to disable it.
Do you see about the same number of users in Amigopod and on the controller? If you connect and disconnect from your guest network, do you see yourself come and go from Amigopod?
This may be something that TAC could better assist with since they can start a web meeting and see the issue first hand.
05-03-2012 12:02 PM
well, our environment consists of IAP acting as Virtual Controllers and we also have physical controllers. So to compare if I see on both would be cumbersome. I do notice a ton of active sessions on Amigopod from the same MAC address (username column) coming from 1 of the IAP. And this IAP just happens to be leaving the cluster daily until i do a "reboot all" from the VC.
05-03-2012 12:42 PM
It sounds like that IAP is doing NAT, so all guest sessions would appear to be the same MAC. If the AP is crashing or getting rebooted, it is probably not cleaning up the sessions. That could be the root of the problem.