Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1119
Views
0
Helpful
0
Comments

AP configured to use WLSE as radius server cannot authenticate the users

TCC_2
Level 10
Level 10

‎06-22-2009 06:05 PM - edited ‎11-18-2020 02:43 AM

Core Issue

On CiscoWorks Wireless LAN Solution Engine (WLSE)-Express 1030, the display of active AAA sessions shows a large number of active sessions.

Resolution

This problem is documented in Cisco bug ID CSCsb44467. In WLSE 1.12, the internal AAA server does session management by default. For session management, it requires the NAS-Port and NAS-Identifier to be present in the incoming RADIUS request. It rejects the packet if either of these is not present. A large number of RADIUS requests are getting processed, usually from devices. The issue is due to an error in WLSE-Express AAA service configuration. Only AAA requests from "real" users (defined as requests with associated Accounting-Start records) should have sessions associated with them. AA requests for device authentication should not have sessions allocated.

For a workaround, manually release unwanted, or all, sessions from the AAA server administrative Graphical User Interface (GUI). Go to Admin > AAA Administration > Session. This issue is fixed in software version 2.13. For  upgrading the  WLSE software, refer to Wireless LAN Solution Engine Software Download.

Problem Type

Software issues

Configure / Configuration issues

Products

Access point

CiscoWorks Wireless LAN Solution Engine (WLSE)

Security Options

EAP

LEAP / RADIUS

PEAP

Authentication

ACS

Device Access Method

GUI Interface

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents