Guest Wireless - AAA error

I am running a guest wireless network on a Cisco 5508 WLC with code.

My syslog is filling up with the following error message:

WLC: *May 15 12:32:59.244: %AAA-3-VALIDATE_GUEST_SESSION_FAILED: file_db.c:3968 Guest user session validation failed for guest_user10. Index provided is out of range..

The user that is assigned to the guest_user10 account works fine and has no idea this error is occurring.

This error message is occurring exactly every 15 minutes, 24x7.

I believe I have a rogue user who has set up a device to try and log in to the guest network automatically, every 15 minutes, with the guest_user10 credentials.

I need to track this device down. I need a way to find either the MAC or IP address of the device that is causing this error message. I have tried turning on AAA debugging on the controller but I don't get anything more than the above error. I have also tried using WCS to look at the client history but it only shows the normal activity.

Anyone have a debugging command or other ideas to get the MAC or IP?
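The message itself carries only a username, so the first thing a defender can do with the syslog is confirm the cadence per account and pin down the exact timestamps to correlate against the trap log and client association records. The script below is an added example, not something posted in this thread; it parses lines in the WLC format quoted above, groups the VALIDATE_GUEST_SESSION_FAILED events by guest username, and flags accounts whose failures recur at a fixed period. The sample log lines are constructed (the second line uses a made-up message ID to show that unrelated messages are skipped), and the 15-minute period and 30-second tolerance are assumptions you can change.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample syslog in the WLC format quoted in the post.
# Timestamps and usernames are invented; the %EXAMPLE line is a placeholder
# for any unrelated message and is not a real Cisco message ID.
SAMPLE_LOG = """\
*May 15 12:02:59.244: %AAA-3-VALIDATE_GUEST_SESSION_FAILED: file_db.c:3968 Guest user session validation failed for guest_user10. Index provided is out of range.
*May 15 12:10:03.001: %EXAMPLE-6-UNRELATED_MESSAGE: example.c:1 Unrelated message (constructed).
*May 15 12:17:59.251: %AAA-3-VALIDATE_GUEST_SESSION_FAILED: file_db.c:3968 Guest user session validation failed for guest_user10. Index provided is out of range.
*May 15 12:20:11.500: %AAA-3-VALIDATE_GUEST_SESSION_FAILED: file_db.c:3968 Guest user session validation failed for guest_user3. Index provided is out of range.
*May 15 12:32:59.244: %AAA-3-VALIDATE_GUEST_SESSION_FAILED: file_db.c:3968 Guest user session validation failed for guest_user10. Index provided is out of range.
*May 15 12:47:59.260: %AAA-3-VALIDATE_GUEST_SESSION_FAILED: file_db.c:3968 Guest user session validation failed for guest_user10. Index provided is out of range.
"""

# "*Mon DD HH:MM:SS.mmm: %FACILITY-SEV-MNEMONIC: free text" (year is not logged)
LINE_RE = re.compile(
    r"^\*(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2})\.\d{3}: "
    r"%(?P<facility>[A-Z0-9]+)-(?P<sev>\d)-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)
USER_RE = re.compile(r"validation failed for (?P<user>\S+?)\.")


def parse_line(line):
    """Return a dict for one WLC syslog line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Collapse the padded day field ("May  5") so strptime accepts it.
    ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S")
    rec = {
        "ts": ts,
        "facility": m["facility"],
        "severity": int(m["sev"]),
        "mnemonic": m["mnemonic"],
        "text": m["text"],
    }
    u = USER_RE.search(m["text"])
    rec["user"] = u["user"] if u else None
    return rec


def guest_failures_by_user(log_text):
    """Map guest username -> list of timestamps of VALIDATE_GUEST_SESSION_FAILED."""
    by_user = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["mnemonic"] == "VALIDATE_GUEST_SESSION_FAILED" and rec["user"]:
            by_user[rec["user"]].append(rec["ts"])
    return dict(by_user)


def intervals_minutes(timestamps):
    """Gaps between consecutive events, in minutes."""
    ts = sorted(timestamps)
    return [(b - a).total_seconds() / 60 for a, b in zip(ts, ts[1:])]


def is_periodic(timestamps, period_min=15.0, tolerance_min=0.5, min_events=3):
    """True when every gap is within tolerance of the expected period (assumed defaults)."""
    if len(timestamps) < min_events:
        return False
    return all(abs(g - period_min) <= tolerance_min for g in intervals_minutes(timestamps))


def find_periodic_users(log_text, **kwargs):
    """Usernames whose guest-session failures recur at a fixed period."""
    return sorted(u for u, ts in guest_failures_by_user(log_text).items()
                  if is_periodic(ts, **kwargs))


if __name__ == "__main__":
    for user, ts in guest_failures_by_user(SAMPLE_LOG).items():
        print(user, len(ts), "events, gaps (min):", [round(g, 2) for g in intervals_minutes(ts)])
    print("periodic accounts:", find_periodic_users(SAMPLE_LOG))
```

Feed it the controller's actual msglog export in place of SAMPLE_LOG; the timestamps it prints for the periodic account are what you then look up in the trap log and client association history for the same minute, which is where a MAC or IP, if any client is involved at all, will appear.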


The following could cause the error:

User account entry not present

User not configured as guest

Maximum guest retries exceeded

User information not found.

The above could point to many people attempting to access your guest network simultaneously and not just one person. But that should cause no alarm, as anyone would be associated to your guest network assuming that you may have no Layer 2 authentication such as WEP/WPA/WPA2 etc. The only thing preventing unauthorized access is the AAA function.

To better locate the devices making many attempts, the best tool would be the Mobility Services Engine or Identity Services Engine.

If there is anyone that tries to connect with wrong credentials to your guest network you will find that in the trap log (if traps for authentication are enabled on the WLC).
I have many people try to connect to my guest network with invalid credentials but I never received such message in msglog.

I think your msg is not related to someone trying to connect. It is possibly related to the machine from which the user is connecting.

Try to check the machine settings. Delete the current wlan profile and create a new one.

What is the logging level on your WLC?

Do you have "AAA Override" enabled under your WLAN/Advanced tab settings?

Are you using a radius server to authenticate your clients?

What is the session timeout under your WLAN? What is the user idle timeout on the WLC?



Cisco Employee

It looks cosmetic. However, check the below settings on all WLCs in the mobility group that use the guest WLAN.

# WLAN==>GUEST==>Security==>AAA Servers==>Authentication

Check the priority order for web-auth users. If the "Order Used For Authentication" field is empty, put LOCAL if the local database is used or AAA if RADIUS is used.

#Also, Enable 'Excessive Web Authentication Failures' from Client Exclusion Policies.

