On CiscoWorks Wireless LAN Solution Engine (WLSE)-Express 1030, the display of active AAA sessions shows a large number of active sessions.
This problem is documented in Cisco bug ID CSCsb44467. In WLSE 1.12, the internal AAA server does session management by default. For session management, it requires the NAS-Port and NAS-Identifier to be present in the incoming RADIUS request. It rejects the packet if either of these is not present. A large number of RADIUS requests are getting processed, usually from devices. The issue is due to an error in WLSE-Express AAA service configuration. Only AAA requests from "real" users (defined as requests with associated Accounting-Start records) should have sessions associated with them. AA requests for device authentication should not have sessions allocated.
For a workaround, manually release unwanted, or all, sessions from the AAA server administrative Graphical User Interface (GUI). Go to Admin > AAA Administration > Session. This issue is fixed in software version 2.13. For upgrading the WLSE software, refer to Wireless LAN Solution Engine Software Download.