I've inherited a network with this ongoing issue. This is a mobility express setup, with wlc526's and 521 ap's. 2 controllers and 5 ap's. After a certain amount of people start logging on, roughly 125-140, we start getting these errors for users who try to authenticate thereafter. The users will stay in a "validating identity" state. Error message is as follows:
DOT1X-3-USER_LOGIN_DENY: Authentication rejected for user host - user may already be logged in
It seems as if there's a dissassociation issue where users who move, don't get properly dissassociated. What is odd is that it only happens during high usage..and if you reset the controller(s), it temporarily fixes it for a period of time. This issue was VERY prevalent when there was only 1 controller, it would happen every other day or so, with the rebooting fixing it momentarily. After an extra WLC was added, the issue went away for about 3 weeks. Just this morning however, I reared it's ugly head again. What is odd is the other WLC didn't experience the same problem. I've divided the the ap's between the 2 controllers and oddly enough, controller 2 isn't having the issue. These 2 controllers are physically separated. Prior to me doing this, users in both buildngs were experiencing this issue. As of today, I'm only seeing this issue in the original controller. I'm planning to replace it. Not sure if this would matter or not but, Celsius wise, it's constant at 46 degrees. The other is 10 degrees Celcius less. Not sure why that would even be an issue. If it was, it would happen anytime of the day. This ONLY happens when it's peak usage. Is there a caching issue somewhere that I'm missing that I can resolve? Is there too much competition for the AP's? I've looked at everything and none of them seem to completely explain my problem. Can someone please shed some light? I've checked on our Radius server, no idication of authentication/logging errors.
We're running code 22.214.171.124.