Preview Tool

Cisco Bug: CSCte27052 - WLC 6.0 - Inconsistency in AAA Override feature

Last Modified

Jun 30, 2016

Products (1)

  • Cisco 5500 Series Wireless Controllers

Known Affected Releases

6.0(182.0) 6.0(188.0)

Description (partial)

Inconsistency of the AAA override feature between WLC version 6.0.182 and 6.0.188 in case MAC-Authentication is configured together with Dot1x user-authentication.

Access-Requests can contain already VLAN attributes to give the Radius server a hint about the VLAN to assign. Some Radius server will not reply with the VLAN attributes in case the Access-Request is having already the same VLAN ID the Server would push down in his Access-Accept.

If AAA Override is configured on the SSID this can have two possible affects on the VLAN assignment.

In 6.0.182:
WLC is keeping previous assigned VLAN ID from the MAC-authentication for the user-session.

In 6.0.188:
WLC is clearing previous assigned VLAN ID from the MAC-authentication for the user-session.

MAC-Authentication plus Dot1x user-authentication.

Dot1x Access-Accept, which does NOT have VLAN ID, if WLC sends Access-Request with matching VLAN ID.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.