Cisco Bug: CSCte27052 - WLC 6.0 - Inconsistency in AAA Override feature
Jun 30, 2016
- Cisco 5500 Series Wireless Controllers
Known Affected Releases
Symptom: Inconsistency of the AAA override feature between WLC version 6.0.182 and 6.0.188 in case MAC-Authentication is configured together with Dot1x user-authentication. Access-Requests can contain already VLAN attributes to give the Radius server a hint about the VLAN to assign. Some Radius server will not reply with the VLAN attributes in case the Access-Request is having already the same VLAN ID the Server would push down in his Access-Accept. If AAA Override is configured on the SSID this can have two possible affects on the VLAN assignment. In 6.0.182: WLC is keeping previous assigned VLAN ID from the MAC-authentication for the user-session. In 6.0.188: WLC is clearing previous assigned VLAN ID from the MAC-authentication for the user-session. Conditions: MAC-Authentication plus Dot1x user-authentication. Dot1x Access-Accept, which does NOT have VLAN ID, if WLC sends Access-Request with matching VLAN ID.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases