Cisco Bug: CSCta03125 - No CLASS in accounting if user assoc after idle-timeout with PMKID
Jun 30, 2016
- Cisco 5500 Series Wireless Controllers
Known Affected Releases
Symptom: In some situation the radius accounting packet won't include the Class attribute. The main consequence is that it will break a deployment with NAC single sign on as NAC need that AV pair to discriminate user group. if you are using NAC with SSO, you will find the user mapped to the default role instead than to the correct one every time this condition is met. Conditions: WPA1+CCKM or WPA2 on SSID. Client first associate then goes in standby. Next association after stanby will fire an Accounting packet without Class AV.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases