Wired Intelligent Edge


3810M AAA error after upgrade - "Access denied; maximum session limit for the user is reached."

  • 1.  3810M AAA error after upgrade - "Access denied; maximum session limit for the user is reached."

    Posted Nov 15, 2021 10:22 AM
    We upgraded our 3810M from KB.16.10.0011 to KB.16.11.0002.
    Prior to that, when we'd SSH into the switch, we'd authenticate via AAA server, then type in 'enable' and authenticate again (same creds).

    After the upgrade, I can SSH & authenticate fine, but when I go do 'enable', and enter in creds, I get the "Access denied; maximum session limit for the user is reached." message

    Even if I use a different identity for the enable than from the login, same message (in case there was some secret limit of 1)
    On the Radius side, it shows it is authenticating / granting access each time.

    I didn't see anything in the release notes around anything impacting aaa or radius.
    I can get in by stopping the radius servers and using local accounts, but would be nice to have the AAA working properly again.

    No changes to the commands done, still looks like:
    aaa server-group radius "Auth1" host 192.168.5.10
    aaa server-group radius "Auth1" host 192.168.5.11
    aaa authentication ssh login radius server-group "Auth1" local
    aaa authentication ssh enable radius server-group "Auth1" local

    Wasn't finding much in the way of hits on the error message.

    ------------------------------
    John Fedor
    ------------------------------


  • 2.  RE: 3810M AAA error after upgrade - "Access denied; maximum session limit for the user is reached."

    EMPLOYEE
    Posted Nov 16, 2021 07:08 AM
    Please open a TAC case. This may be bug 254976, which was fixed in 16.10.0013, but as you are on 16.11 it may be something different as well.

    You may consider getting users in enable mode right away, by setting the aaa authentication login privilege-mode (video here) and see if that helps.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: 3810M AAA error after upgrade - "Access denied; maximum session limit for the user is reached."

    Posted Nov 17, 2021 12:12 AM
    Adding "aaa authentication login privilege-mode" actually made it worse somehow - shows that the Radius servers are approving the authentication request, but the switch keeps asking for the password like it didn't like it until it fails after repeated attempts - this is for the initial SSH authentication, not the enable.

    I'll see about going the TAC route.

    Thanks.


    ------------------------------
    John Fedor
    ------------------------------



  • 4.  RE: 3810M AAA error after upgrade - "Access denied; maximum session limit for the user is reached."

    Posted Dec 22, 2021 11:16 AM
    Hi. Were you able to get a resolution to this? I tried updating to 16.10.18 and it is giving me the same issue. I've downgraded firmware to a few different iterations (16.10.17, 16.10.4, 16.10.13, and 16.10.12) and all gave me the same issue trying to go to manager (enable) mode via ssh. Downgrading to 16.10.11 works fine. Release notes show that this was supposed to be fixed in 16.10.13, but that doesn't seem to be the case for me.

    ------------------------------
    David Emmerich
    ------------------------------



  • 5.  RE: 3810M AAA error after upgrade - "Access denied; maximum session limit for the user is reached."

    Posted Dec 28, 2021 10:53 AM

    No, never did get a case opened up.  Sorry.

    John Fedor





  • 6.  RE: 3810M AAA error after upgrade - "Access denied; maximum session limit for the user is reached."

    Posted Jul 11, 2022 09:36 PM
    You need to add a RADIUS attribute to the NPS network policy for switch logins.

    Standard RADIUS attribute
    Attribute type: Service-Type
    Check the "Others" bubble and select Administrative.

    Once added, this resolved this issue for me.

    James Conrad