Cisco Bug: CSCte38645 - RADIUS Attribute NAS-Port(5) not included in Access-Request for Web-Auth
Jun 30, 2016
- Cisco 5500 Series Wireless Controllers
Known Affected Releases
Symptom: The WLC doesn't include the IETF RADIUS attribute "NAS-Port" (5) in the Access-Request for WebAuth logon request to a AAA server. Although the RFC says that NAS-Port "should" be added, this causes ACS to replace this missing information with the username. In the end this affects the applicability of the "Max-Sessions" limits for WebAuth WLANs, as this behavior will be the same as enabling the "Replace RADIUS Port info with Username from this AAA Client" option on the AAA client config on ACS. The "NAS-Port" RADIUS attribute is included in the Accounting-Request for the Web-Auth session. Moreover, this information is included in both the Access-Request and Accounting-Request when 802.1x is configured on a WLAN. Conditions: WLC authenticating Web-Auth users against an external AAA server.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases