13.2 AP Locked out of web GUI -Telnet OK

FVI_Support · June 3, 2015, 3:07pm

This is happening to at least two APs on our network. Both are 450 AP one is 5 Ghz and the other is 3.6.

Browser has PW saved and is ready to log in.

I get the:

"Unauthorized
You have timed out of your session, have been locked out due to too many unauthorized access attempts, or have exceeded your maximum allowed sessions.
Please press here to continue"

Try PW over again, no go.

Used 'Logoff' button on GUI from a workstation that was previously logged in + another workstation can log in.

While locked out of the GUI, I can login via telnet with same password OK. Logged in via telnet and I change password to the same we are using and no luck.

Reboot from telnet will then allow me to get in.

Power cycle from CMM allows us to log in as well.

After reboot, multiple workstations at our office can log in.

What is the maximum number of allowed sessions?

Can I increase the amount?

Don't ask for CNUT because I can't gather support info properly (ongoing issue).

FVI_Support · June 17, 2015, 5:17pm

What is the maximum number of allowed login sessions?

J_Mandziara · June 17, 2015, 5:35pm

@Brian Sullivan wrote:
What is the maximum number of allowed login sessions?

The radio supports 5 telnet sessions. Are you using Radius for Remote Account authorization?

FVI_Support · June 22, 2015, 6:45pm

No, we aren't using Radius.

J_Mandziara · June 24, 2015, 1:51am

@Brian Sullivan wrote:
No, we aren't using Radius.

It seems like someone, or something, is using up all of the logins.

Can you delete all but the admin account and then change the password and see if this helps?

FVI_Support · June 24, 2015, 4:31pm

Ok, I will try this and update you. Thanks!

FVI · January 18, 2016, 8:36pm

Hi I have anohter AP keeping me locked out. This AP is running 13.4. I was able to Telnet into the AP and issue a 'reset'. Once the AP was done rebooting I was able to login like normal with the same old password.

I grabbed these messages from the event log prior to the 'reset'. Has anyone else been locked out of their 450 AP but Telnet still lets them in?

01/18/2016 : 13:02:18 CST : :CC_SendToSocket( Dest: 19, Route: 1, SeqNum: 24, inuse
01/18/2016 : 13:03:18 CST : :CC_SendToSocket( Dest: 19, Route: 1, SeqNum: 24, inuse
01/18/2016 : 13:04:19 CST : :CC_SendToSocket( Dest: 19, Route: 1, SeqNum: 24, inuse
01/18/2016 : 13:05:19 CST : :CC_SendToSocket( Dest: 19, Route: 1, SeqNum: 24, inuse
01/18/2016 : 13:06:19 CST : :CC_SendToSocket( Dest: 19, Route: 1, SeqNum: 24, inuse
01/18/2016 : 13:07:18 CST : :CC_SendToSocket( Dest: 19, Route: 1, SeqNum: 24, inuse
01/18/2016 : 13:55:04 CST : :Telnet user; user=root; PowerOn reset from Telnet command line;
01/18/2016 : 13:55:04 CST : :Telnet user; user=root; Reset from Telnet command line;
01/18/2016 : 13:55:05 CST : :Forced reset;
01/18/2016 : 13:55:05 CST :
******System Startup******
System Reset Exception -- User Initiated Reset
Software Version : CANOPY 13.4 AP-DES

CambiumAaron · January 21, 2016, 5:56am

Is that the entire event log? can you open a ticket with support so you can get a CNUT capture of this device? Telnet and GUI use the same authentication mechanism, but serving up a webpage is much more work than responding to telnet, so there may be clues in the logs of a CNUT capture. Opening a support ticket will get an issue submitted with us on those CC messages - those are not normal but I don't think they are related.

The GUI also uses sessions, so it is possible that your browser is trying to use old session id's which are expired? The original error message you posted indicates either a bad password or use of an expired (logged out) session id.

Please do get a ticket opened with support so we can dig in deeper. Thanks!