I am running a guest wireless network on a Cisco 5508 WLC with 184.108.40.206 code.
My syslog is filling up with the following error message:
WLC: *May 15 12:32:59.244: %AAA-3-VALIDATE_GUEST_SESSION_FAILED: file_db.c:3968 Guest user session validation failed for guest_user10. Index provided is out of range..
The user that is assigned to the guest_user10 account works fine and has no idea this error is occurring.
This error message is occurring exactly every 15 minutes 24x7.
I believe I have a rogue user who has set up a device to try and log in to the guest network automatically, every 15 minutes with the guest_user10 credentials.
I need to track this device down. I need a way to find either the MAC or IP address of the device that is causing this error message. I have tried turning on AAA debugging on the controller but I don't get anything more than the above error. I have also tried using WCS to look at the client history but it only shows the normal activity.
Anyone have a debugging command or other ideas to get the MAC or IP?
The above could point to many people attempting to access your guest network simultaneously and not just one person. But that should cause no alarm, as anyone would be associated to your guest network assuming that you may have no Layer 2 authentication such as WEP/WPA/WPA2 etc. The only thing preventing unauthorized access is the AAA function.
To better locate the devices making many attempts, the best tool would be the Mobility Services Engine or Identity Services Engine.
If there is anyone that tries to connect with wrong credentials to your guest network you will find that in the trap log (if traps for authentication are enabled on the WLC). I have many people try to connect to my guest network with invalid credentials but I never received such a message in msglog.
I think your msg is not related to someone trying to connect. It is possibly related to the machine from which the user is connecting.
Try to check the machine settings. Delete the current wlan profile and create a new one.
What is the logging level on your WLC?
Do you have "AAA Override" enabled under your WLAN/Advanced tab settings?
Are you using a radius server to authenticate your clients?
What is the session timeout under your WLAN? What is the user idle timeout on the WLC?
Rating useful replies is more useful than saying "Thank you"
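Added example, not posted by any participant in this thread: a Python check of the "exactly every 15 minutes" observation that groups the quoted syslog message by guest user and measures the gaps between events, so a fixed interval (consistent with a timer, and comparable against the session and idle timeouts asked about above) can be told apart from irregular attempts. The function name `interval_profile`, the 5-second tolerance, the placeholder year and the sample lines (including `guest_user07`) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Matches the message format quoted in the thread; captures timestamp and guest user.
PATTERN = re.compile(
    r"\*(\w{3} +\d+ \d\d:\d\d:\d\d\.\d+): %AAA-3-VALIDATE_GUEST_SESSION_FAILED: "
    r".*? failed for (\S+?)\. "
)

# Constructed sample lines (not real logs); guest_user07 is a made-up second account.
_MSG = ("WLC: *May 15 {t}: %AAA-3-VALIDATE_GUEST_SESSION_FAILED: file_db.c:3968 "
        "Guest user session validation failed for {u}. Index provided is out of range..")
SAMPLE = [_MSG.format(t=t, u=u) for t, u in [
    ("12:02:59.241", "guest_user10"), ("12:05:11.010", "guest_user07"),
    ("12:06:40.500", "guest_user07"), ("12:17:59.243", "guest_user10"),
    ("12:31:02.900", "guest_user07"), ("12:32:59.244", "guest_user10"),
    ("12:47:59.240", "guest_user10"),
]]

def interval_profile(lines, tolerance_s=5.0, year=2000):
    """Return {user: (event_count, median_gap_seconds, is_periodic)}.

    The WLC timestamp carries no year, so a placeholder year is supplied
    (assumption: the log slice does not span a year boundary).
    Users with fewer than three events are skipped: two gaps are the minimum
    needed to say anything about regularity.
    """
    seen = defaultdict(list)
    for line in lines:
        m = PATTERN.search(line)
        if m:
            stamp = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S.%f")
            seen[m.group(2)].append(stamp)
    profile = {}
    for user, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(gaps) < 2:
            continue
        mid = median(gaps)
        periodic = all(abs(g - mid) <= tolerance_s for g in gaps)
        profile[user] = (len(stamps), round(mid), periodic)
    return profile

if __name__ == "__main__":
    for user, (count, gap, periodic) in interval_profile(SAMPLE).items():
        print(f"{user}: {count} events, median gap {gap}s, periodic={periodic}")
```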