Cisco Bug: CSCtd00454 - SSLVPN on IOS not forwarding Class attribute in accounting packets
Jan 31, 2017
- Cisco IOS
Known Affected Releases
12.4(24)T1 15.0(1)M 15.1(1.12)T 15.1(1.2)PI13d 15.1(1.4)T
Symptom: Accounting START packets from IOS SSL VPN connections are missing attributes that were sent to the router in the RADIUS Access-Accept, including the Class attribute (IETF 25). Per RFC, the Class attribute must be forwarded in the Accounting START packet if it exists. This appears to be due to the IOS SSL-VPN not creating a unique AAA DB on the router to store the incoming attributes.
Conditions: SSL-VPN on the IOS 12.4 T line and 15.0 M line, when doing clientless WebVPN and also AnyConnect. This causes issues when accounting is used to do group mapping for Clean Access VPN Single Sign-On (which uses the incoming Class attribute in the Accounting START packet).