Guest

Preview Tool

Cisco Bug: CSCte38645 - RADIUS Attribute NAS-Port(5) not included in Access-Request for Web-Auth

Last Modified

Jun 30, 2016

Products (1)

  • Cisco 5500 Series Wireless Controllers

Known Affected Releases

6.0(188.0) 6.0(188.152)

Description (partial)

Symptom:
The WLC doesn't include the IETF RADIUS attribute "NAS-Port" (5) in the Access-Request for WebAuth logon request to a AAA server.

Although the RFC says that NAS-Port "should" be added, this causes ACS to replace this missing information with the username.
In the end this affects the applicability of the "Max-Sessions" limits for WebAuth WLANs, as this behavior will be the same as enabling the "Replace RADIUS Port info with Username from this AAA Client" option on the AAA client config on ACS.

The "NAS-Port" RADIUS attribute is included in the Accounting-Request for the Web-Auth session.
Moreover, this information is included in both the Access-Request and Accounting-Request when 802.1x is configured on a WLAN.

Conditions:
WLC authenticating Web-Auth users against an external AAA server.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.