Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Radius override disabled?

Recently we've been receiving the following log entries on our WLC 4402. Unfortunately Cisco's documentation is less than helpful as to what this message means or what could be causing it. Does anyone have insight into this?

Source 4 interface is the Management interface:

Sep 16 02:43:00.578 apf_ms_radius_override.c:172 APF-6-RADIUS_OVERRIDE_DISABLED: Radius overrides disabled, ignoring source 4
Sep 16 02:43:00.577 apf_ms_radius_override.c:172 APF-6-RADIUS_OVERRIDE_DISABLED: Radius overrides disabled, ignoring source 4
Sep 16 02:40:55.837 apf_ms_radius_override.c:172 APF-6-RADIUS_OVERRIDE_DISABLED: Radius overrides disabled, ignoring source 4
Sep 16 02:40:55.837 apf_ms_radius_override.c:172 APF-6-RADIUS_OVERRIDE_DISABLED: Radius overrides disabled, ignoring source 4
Previous message occurred 2 times.
Sep 16 02:28:29.181 apf_ms_radius_override.c:172 APF-6-RADIUS_OVERRIDE_DISABLED: Radius overrides disabled, ignoring source 4
Sep 16 02:22:14.877 apf_ms_radius_override.c:172 APF-6-RADIUS_OVERRIDE_DISABLED: Radius overrides disabled, ignoring source 4
Sep 16 02:22:14.877 apf_ms_radius_override.c:172 APF-6-RADIUS_OVERRIDE_DISABLED: Radius overrides disabled, ignoring source 4
Previous message occurred 2 times.
Sep 16 02:09:48.028 apf_ms_radius_override.c:172 APF-6-RADIUS_OVERRIDE_DISABLED: Radius overrides disabled, ignoring source 4
Sep 16 02:02:51.953 apf_ms_radius_override.c:172 APF-6-RADIUS_OVERRIDE_DISABLED: Radius overrides disabled, ignoring source 4
Sep 16 02:02:51.953 apf_ms_radius_override.c:172 APF-6-RADIUS_OVERRIDE_DISABLED: Radius overrides disabled, ignoring source 4
Previous message occurred 2 times.

11 REPLIES

Re: Radius override disabled?

Is your AAA trying to send any attributes?  64/65/81 for VLAN assignment, 27 for session timeout, etc?

This message should be indicating the WLC is getting some attribute from the AAA server, and it is ignoring it, because AAA Override is not allowed on that WLAN

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
Community Member

Re: Radius override disabled?

   Nothing has changed on the RADIUS server (no extra attributes); does the "4" correspond to a WLAN ID or VLAN ID or... ?

Community Member

Radius override disabled?

  Does no one else have this adding several megabytes per week to their syslogs? There must be some way to turn this off!

Community Member

Radius override disabled?

We just ran into the same thing.  We're seeing a lot of 4's and some 2's.  I checked and from what I can see our AAA server isn't sending anything special.

Community Member

Radius override disabled?

Hi,

We experience the same issue. We do have 64 and 65 attributes sent by the radius server, but their values are exactly the same as the ones sent in the Access-Request packet.

What is the best debug command on the controller allowing to see more details?

Thanks.

Community Member

Radius override disabled?

It seems like WLC tries to overwrite entries with data not received from the radius server... (it is not MPPE related issue)

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.797: ****Enter processIncomingMessages: response code=2

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.797: ****Enter processRadiusResponse: response code=2

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798: b4:07:f9:71:72:e9 Access-Accept received from RADIUS server 10.129.0.244 for mobile b4:07:f9:71:72:e9 receiveId = 2

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798: AuthorizationResponse: 0x13c88408^M ^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   structureSize................................242^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   resultCode...................................0^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   protocolUsed.................................0x00000001^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   proxyState...................................B4:07:F9:71:72:E9-02:08^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:   Packet contains 7 AVPs:^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[01] Tunnel-Medium-Type.......................0x00000006 (6) (4 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[02] Tunnel-Type..............................0x0000000d (13) (4 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[03] User-Name................................user12 (6 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[04] Microsoft / MPPE-Recv-Key................DATA (32 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[05] Microsoft / MPPE-Send-Key................DATA (32 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[06] EAP-Message..............................0x03090004 (50921476) (4 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *radiusTransportThread: Jan 24 18:03:52.798:       AVP[07] Message-Authenticator....................DATA (16 bytes)^M

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.800: %LOG-7-Q_IND: acl.c:301 Unable to find an ACL by name "none".

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.800: %APF-6-RADIUS_OVERRIDE_DISABLED: apf_ms_radius_override.c:204 Radius overrides disabled, ignoring source 2

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.801: b4:07:f9:71:72:e9 Applying new AAA override for station b4:07:f9:71:72:e9

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.801: b4:07:f9:71:72:e9 Override values for station b4:07:f9:71:72:e9      source: 4, valid bits: 0x0^M    qosLevel: -1, dscp: 0xffffffff, dot1pTag

: 0xffffffff, sessionTimeout: -1

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.801: b4:07:f9:71:72:e9 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1         vlanIfName: '', aclName: ''

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.802: b4:07:f9:71:72:e9 Unable to apply override policy for station b4:07:f9:71:72:e9 - VapAllowRadiusOverride is FALSE

Jan 24 18:03:52 wlc1 wlc1: *Dot1x_NW_MsgTask_0: Jan 24 18:03:52.802: %APF-6-RADIUS_OVERRIDE_DISABLED: apf_ms_radius_override.c:204 Radius overrides disabled, ignoring source 4

Community Member

Radius override disabled?

Any resolution to your last post.

Community Member

Radius override disabled?

I am having the same problem, do you have any resolution to this issue?

Cisco Employee

Radius override disabled?

create a test wlan using similar wlan security policy that's having issue, enable AAA override, run debug, if you don't see the message then yes radius server is setup to return override attribute and WLC is right about it, if you still see the error then it could be false positive.

Community Member

Radius override disabled?

I saw the same message int the WLC logs:

LOG-6-Q_IND: apf_ms_radius_override.c:1079 Radius overrides disabled, ignoring source 4

But there is no RADIUS server configured at all...

Community Member

So is this a WLC OS bug? The

So is this a WLC OS bug? The thing runs Linux, no? I wonder if some package can be updated to stop reporting this and hopefully reducing syslog size?

9167
Views
0
Helpful
11
Replies
CreatePlease to create content