Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

AP configured to use WLSE as radius server cannot authenticate the users

Core Issue

On CiscoWorks Wireless LAN Solution Engine (WLSE)-Express 1030, the display of active AAA sessions shows a large number of active sessions.

Resolution

This problem is documented in Cisco bug ID CSCsb44467. In WLSE 1.12, the internal AAA server does session management by default. For session management, it requires the NAS-Port and NAS-Identifier to be present in the incoming RADIUS request. It rejects the packet if either of these is not present. A large number of RADIUS requests are getting processed, usually from devices. The issue is due to an error in WLSE-Express AAA service configuration. Only AAA requests from "real" users (defined as requests with associated Accounting-Start records) should have sessions associated with them. AA requests for device authentication should not have sessions allocated.

For a workaround, manually release unwanted, or all, sessions from the AAA server administrative Graphical User Interface (GUI). Go to Admin > AAA Administration > Session. This issue is fixed in software version 2.13. For  upgrading the  WLSE software, refer to Wireless LAN Solution Engine Software Download.

Problem Type

Software issues

Configure / Configuration issues

Products

Access point

CiscoWorks Wireless LAN Solution Engine (WLSE)

Security Options

EAP

LEAP / RADIUS

PEAP

Authentication

ACS

Device Access Method

GUI Interface

880
Views
0
Helpful
0
Comments