Guest

Preview Tool

Cisco Bug: CSCuj27743 - ASR1k: ISG isn't RFC2865 compliant - Framed-IP=255.255.255.255

Last Modified

Apr 18, 2019

Products (17)

  • Cisco IOS
  • Cisco ASR 901-6CZ-F-D Router
  • Cisco ME 3600X-24TS-M Switch
  • Cisco ASR 901-4C-FT-D Router
  • Cisco ASR 901-6CZ-F-A Router
  • Cisco ASR 901-6CZ-FT-A Router
  • Cisco ASR 901-12C-FT-D Router
  • Cisco ME 3600X-24FS-M Switch
  • Cisco 7600 Series Route Switch Processor 720 with Multilayer Switch Feature Card
  • Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks
View all products in Bug Search Tool Login Required

Known Affected Releases

15.3(3)S

Description (partial)

Symptom:
During a client tries to authenticate (e.g. via EAPSIM in a public wireless LAN), an Access-Point from some vendors could sent in a radius Access-Request packet a Framed-IP-Adress of all ones  (255.255.255.255). The ISG feature will currently reject this access-request.

 RADIUS(00000000): Send Access-Reject to A.B.C.D:54068 id 64, len 70
 <snip>
 RADIUS:   <snip> [Invalid IP assig]

Conditions:
This happens only if the vendor sents in the access-request a Framed-IP-Address of 255.255.255.25

Related Community Discussions

ISG radius-proxy attribute filtering
device: CSR1000v IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.3(2)S0a running-config in attachment I'm trying to use ISG as a AAA proxy. NAS uses RADIUS to assing an IP address to the client. Whenever NAS sends access-request to ISG, ISG starts to parse recieved attributes and forms a proxy session. As NAS yet doesnt know the Framed-IP-Address(it supposed to recieve it in access-reply) it filles the field with 255.255.255.255. ISG can't parse this &quot;invalid&quot; address and proxy ...
Latest activity: Dec 03, 2013
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.