Radius override disabled?

Unanswered Question
Sep 16th, 2010

Recently we've been receiving the following log entries on our WLC 4402. Unfortunately Cisco's documentation is less than helpful as to what this message means or what could be causing it. Does anyone have insight into this?

Source 4 interface is the Management interface:

Sep 16 02:43:00.578 apf_ms_radius_override.c:172 APF-6-RADIUS_OVERRIDE_DISABLED: Radius overrides disabled, ignoring source 4
Sep 16 02:43:00.577 apf_ms_radius_override.c:172 APF-6-RADIUS_OVERRIDE_DISABLED: Radius overrides disabled, ignoring source 4
Sep 16 02:40:55.837 apf_ms_radius_override.c:172 APF-6-RADIUS_OVERRIDE_DISABLED: Radius overrides disabled, ignoring source 4
Sep 16 02:40:55.837 apf_ms_radius_override.c:172 APF-6-RADIUS_OVERRIDE_DISABLED: Radius overrides disabled, ignoring source 4
Previous message occurred 2 times.
Sep 16 02:28:29.181 apf_ms_radius_override.c:172 APF-6-RADIUS_OVERRIDE_DISABLED: Radius overrides disabled, ignoring source 4
Sep 16 02:22:14.877 apf_ms_radius_override.c:172 APF-6-RADIUS_OVERRIDE_DISABLED: Radius overrides disabled, ignoring source 4
Sep 16 02:22:14.877 apf_ms_radius_override.c:172 APF-6-RADIUS_OVERRIDE_DISABLED: Radius overrides disabled, ignoring source 4
Previous message occurred 2 times.
Sep 16 02:09:48.028 apf_ms_radius_override.c:172 APF-6-RADIUS_OVERRIDE_DISABLED: Radius overrides disabled, ignoring source 4
Sep 16 02:02:51.953 apf_ms_radius_override.c:172 APF-6-RADIUS_OVERRIDE_DISABLED: Radius overrides disabled, ignoring source 4
Sep 16 02:02:51.953 apf_ms_radius_override.c:172 APF-6-RADIUS_OVERRIDE_DISABLED: Radius overrides disabled, ignoring source 4
Previous message occurred 2 times.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
Steve Rodriguez Thu, 09/16/2010 - 08:23

Is your AAA trying to send any attributes?  64/65/81 for VLAN assignment, 27 for session timeout, etc?

This message should be indicating the WLC is getting some attribute from the AAA server, and it is ignoring it, because AAA Override is not allowed on that WLAN

ashaw216 Fri, 10/15/2010 - 05:13

   Nothing has changed on the RADIUS server (no extra attributes); does the "4" correspond to a WLAN ID or VLAN ID or... ?

ashaw216 Tue, 08/30/2011 - 05:55

  Does no one else have this adding several megabytes per week to their syslogs? There must be some way to turn this off!

ecornwell Wed, 11/30/2011 - 12:53

We just ran into the same thing.  We're seeing a lot of 4's and some 2's.  I checked and from what I can see our AAA server isn't sending anything special.

kabassanov Tue, 01/24/2012 - 06:17

Hi,

We experience the same issue. We do have 64 and 65 attributes sent by the radius server, but their values are exactly the same as the ones sent in the Access-Request packet.

What is the best debug command on the controller allowing to see more details?

Thanks.

kabassanov Tue, 01/24/2012 - 09:36

It seems like WLC tries to overwrite entries with data not received from the radius server... (it is not MPPE related issue)

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.797: ****Enter processIncomingMessages: response code=2

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.797: ****Enter processRadiusResponse: response code=2

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798: b4:07:f9:71:72:e9 Access-Accept received from RADIUS server 10.129.0.244 for mobile b4:07:f9:71:72:e9 receiveId = 2

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798: AuthorizationResponse: 0x13c88408^M ^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   structureSize................................242^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   resultCode...................................0^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   protocolUsed.................................0x00000001^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   proxyState...................................B4:07:F9:71:72:E9-02:08^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   Packet contains 7 AVPs:^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[01] Tunnel-Medium-Type.......................0x00000006 (6) (4 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[02] Tunnel-Type..............................0x0000000d (13) (4 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[03] User-Name................................user12 (6 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[04] Microsoft / MPPE-Recv-Key................DATA (32 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[05] Microsoft / MPPE-Send-Key................DATA (32 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[06] EAP-Message..............................0x03090004 (50921476) (4 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[07] Message-Authenticator....................DATA (16 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.800: %LOG-7-Q_IND: acl.c:301 Unable to find an ACL by name "none".

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.800: %APF-6-RADIUS_OVERRIDE_DISABLED: apf_ms_radius_override.c:204 Radius overrides disabled, ignoring source 2

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.801: b4:07:f9:71:72:e9 Applying new AAA override for station b4:07:f9:71:72:e9

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.801: b4:07:f9:71:72:e9 Override values for station b4:07:f9:71:72:e9      source: 4, valid bits: 0x0^M    qosLevel: -1, dscp: 0xffffffff, dot1pTag

: 0xffffffff, sessionTimeout: -1

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.801: b4:07:f9:71:72:e9 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1         vlanIfName: '', aclName: ''

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.802: b4:07:f9:71:72:e9 Unable to apply override policy for station b4:07:f9:71:72:e9 - VapAllowRadiusOverride is FALSE

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.802: %APF-6-RADIUS_OVERRIDE_DISABLED: apf_ms_radius_override.c:204 Radius overrides disabled, ignoring source 4

saravlak Wed, 06/20/2012 - 16:24

create a test wlan using similar wlan security policy that's having issue, enable AAA override, run debug, if you don't see the message then yes radius server is setup to return override attribute and WLC is right about it, if you still see the error then it could be false positive.

EvaldasOu Tue, 07/16/2013 - 12:40

I saw the same message int the WLC logs:

LOG-6-Q_IND: apf_ms_radius_override.c:1079 Radius overrides disabled, ignoring source 4

But there is no RADIUS server configured at all...

Actions

Login or Register to take actions

This Discussion

Posted September 16, 2010 at 4:45 AM
Stats:
Replies:10 Avg. Rating:
Views:4157 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard