Cisco Bug: CSCsz48475 - WLC Ignores Radius Packets on dynamic interface
Jun 30, 2016
- Cisco 5500 Series Wireless Controllers
Known Affected Releases
Symptom: WLC 4404 version 22.214.171.124, AAA server, PEAP auth. WLC ports configured as individual trunks. The AAA server is on the same subnet as the dynamic interface, and the dynamic interface is configured to use WLC port 2, 3 or 4. The WLC sends the Radius Access-Requests to the AAA server using the dynamic interface IP address. The AAA server replies to the dynamic interface IP with the Radius Access-Challenge; however, the WLC simply ignores the Challenges and keeps sending the Requests. Configured the WLC with "config network mgmt-via-dynamic-interface enable" but the behavior is the same.

I did further tests and found that it only works if you assign the same port as the management interface to the dynamic interface. If you assign a different port than the management interface port, it will ignore the packets. If the WLC is designed not to reply to Radius packets on the dynamic interface, it should not send the requests through it... If it sends the Radius Access-Requests through the dynamic interface, then it should process the incoming Radius packets.

Conditions: WLC with interfaces connected as trunks (NOT LAG). Configure the AAA server on the same subnet as a dynamic interface. Assign a port different from the management interface port to the dynamic interface and the WLC will ignore the packets.