Guest

Preview Tool

Cisco Bug: CSCtb07420 - WCS mishandles RADIUS message-authenticator from ACS5

Last Modified

Jun 30, 2016

Products (1)

  • Cisco 4400 Series Wireless LAN Controllers

Known Affected Releases

5.2(148.0)

Description (partial)

Symptom:

Radius authentications will fail from WCS 5.2.0.148 with invalid username/password message in the web GUI. Trace logs indicate message-authenticator was invalid. However ACS shows a passed authentication.

This is caused by a different order of radius attributes than the WCS expects. The message-authenticator has to be the last attribute in the packet. If the radius traffic is captured and the message-authenticator is before the other attributes in the packet order, the the authentication will fail.

Conditions:

Radius authentication with:
ACS 5.0
Some third party radius servers
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.