Frequent Contributor II

Configured Session Limit Reached

Good Morning,

 

I woke up to my controller this morning running 6.2.1.0 with the following error.

 

Apr 3 05:50:27 authmgr[1666]: <522043> <WARN> |authmgr| Configured Session limit reached for client IP=10.110.0.0
Apr 3 05:50:29 authmgr[1666]: <522043> <WARN> |authmgr| Configured Session limit reached for client IP=10.110.0.0 

 

It showed up over and over and over again and rendered the controller useless.  I noticed first when I couldn't authenticate to the VPN running on it.

 

Yesterday I changed the ip cp-redirect address to be the address of the VLAN that I'd like my guest on.  Could that have anything to do with it?  I read about where you can set the maximum sessions but could not find anywhere in the config to change that setting.  

 

Right now I've reloaded the controller to try to get it back.

 

Re: Configured Session Limit Reached

There's a setting under the user-role where you can configure the maximum amount of TCP sessions.
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor II

Re: Configured Session Limit Reached

Hmm... I can't seem to find this. Where exactly is it?

Frequent Contributor II

Re: Configured Session Limit Reached

Also, would it help for me to use the following command to see the total number of sessions?

 

show datapath session counters

 

+----+------+-----------------------------------------------------+
|SUM/|      |                                                     |
|CPU | Addr | Description                                   Value |
+----+------+-----------------------------------------------------+
|    |      |                                                     |
| G  | [00] | Current Entries                                8799 |
| G  | [01] | High Water Mark                               11848 |
| G  | [02] | Maximum Entries                              524288 |
| G  | [03] | Total Entries                                658517 |
| G  | [05] | Duplicate Entries                                 2 |
| G  | [07] | Current Max link length                           3 |
| G  | [08] | Max link length                                   5 |
| G  | [09] | Stale Entries                                 15671 |
| G  | [10] | Aged Entries                                 634039 |
+----+------+-----------------------------------------------------+

 

Is the Maximum Entries the limit we hit?
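
The authmgr warnings and the counter table posted above can be tallied with a short script: warnings per client IP with the busiest one-minute burst, and how full the global session table is. This is an added example, not part of any post in the thread; the function names are hypothetical, the year is assumed because syslog omits it, and the third warning and the unrelated line in the sample are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Message 522043 in the format quoted in the thread.
EVENT = re.compile(r"^(\w{3}\s+\d{1,2}\s+[\d:]{8})\s+authmgr\[\d+\]:\s+<522043>"
                   r".*client IP=(\d{1,3}(?:\.\d{1,3}){3})", re.M)
# Data rows of "show datapath session counters": | G | [00] | Name  Value |
ROW = re.compile(r"^\|\s*\w\s*\|\s*\[\d+\]\s*\|\s*(.+?)\s+(\d+)\s*\|\s*$", re.M)

def parse_events(log_text, year=2000):
    """Return [(timestamp, client_ip)]. Syslog omits the year, so `year` is assumed."""
    return [(datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S"), ip)
            for ts, ip in EVENT.findall(log_text)]

def summarize(events, window_s=60):
    """Per client IP: total warnings and the count in the busiest window."""
    total, buckets = Counter(), Counter()
    for ts, ip in events:
        total[ip] += 1
        buckets[ip, int((ts - datetime.min).total_seconds()) // window_s] += 1
    peak = Counter()
    for (ip, _), n in buckets.items():
        peak[ip] = max(peak[ip], n)
    return {ip: {"warnings": total[ip], "peak_per_window": peak[ip]} for ip in total}

def parse_counters(table_text):
    """Map each counter description to its integer value."""
    return {name: int(value) for name, value in ROW.findall(table_text)}

def table_usage(counters):
    """Global session-table fill: (current, high-water mark) as fractions of maximum."""
    cap = counters["Maximum Entries"]
    return counters["Current Entries"] / cap, counters["High Water Mark"] / cap

# Sample input: the first two log lines and the counter rows are from the thread;
# the third warning and the unrelated line are constructed.
_MSG = ("authmgr[1666]: <522043> <WARN> |authmgr| "
        "Configured Session limit reached for client IP=10.110.0.0")
SAMPLE_LOG = "\n".join([f"Apr 3 05:50:27 {_MSG}", f"Apr 3 05:50:29 {_MSG}",
                        f"Apr 3 05:51:40 {_MSG}",
                        "Apr 3 05:51:41 example[1]: constructed unrelated line"])
SAMPLE_COUNTERS = ("| G | [00] | Current Entries 8799 |\n"
                   "| G | [01] | High Water Mark 11848 |\n"
                   "| G | [02] | Maximum Entries 524288 |")

if __name__ == "__main__":
    print(summarize(parse_events(SAMPLE_LOG)))
    now, peak = table_usage(parse_counters(SAMPLE_COUNTERS))
    print(f"session table fill: now {now:.1%}, high-water mark {peak:.1%}")
```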

 

 

 

Guru Elite

Re: Configured Session Limit Reached

1.  Find the user role that your user ends up in.

2.  Go to Configuration > Security > Access Control.

3.  Find that role and Edit.

4.  Locate the Max Sessions parameter and make sure it is 65535 and click on apply.

 

If this is your problem, very, very, very few people manipulate that parameter and it should not be touched in practice.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: Configured Session Limit Reached

Okay, so I found the Max Sessions under the user roles. I see the default is 65535. What would be a good value to top that out at for a guest network? Or an authenticated user network. It seems high to leave it at the default. Any suggestions?

Guru Elite

Re: Configured Session Limit Reached

Leave it at what it currently is.

 

What is the output of "show aaa timers"?

 



Colin Joseph
Aruba Customer Engineering


Frequent Contributor II

Re: Configured Session Limit Reached

Here is the output of show aaa timers.

 

User idle timeout = 300 seconds
Auth Server dead time = 10 minutes
Logon user lifetime = 5 minutes
User Interim stats frequency = 600 seconds

Frequent Contributor II

Re: Configured Session Limit Reached

We top out at most 500 clients any given day.  

 

This error began at 5:50 AM today and repeated hundreds of times.  There were probably no more than 80 connected devices this morning.  

 

None of which should have generated that much traffic.  No one had even come in to school yet.  We are a K-12 setting.

 

 

Guru Elite

Re: Configured Session Limit Reached

I think you should open a support case, because the solution is in the details that we cannot ask for in a public forum.  It does not seem obvious with limited information, but with your logs.tar support should be able to narrow it down much more quickly.

 

 

The only thing I can think of is if you might have made one of your wired interfaces untrusted and now all of your wired clients are showing up in the controller. That is my last guess.

 



Colin Joseph
Aruba Customer Engineering

