Cisco Bug: CSCur83728 - AnyConnect NAM doesn't send an EAPoL logoff when CAC card is removed
Nov 06, 2018
- Cisco AnyConnect Secure Mobility Client
Known Affected Releases
Symptom: AnyConnect NAM does not send an EAPoL logoff message when a CAC or similar smartcard is removed.

Conditions: When a user removes their smartcard, the switch has no way to know that it should terminate the session. If reauthentication is configured, any reauthentication the switch initiates gets caught in this quasi-authenticated state, because the endpoint can no longer provide the required credentials, which are stored on the removed smartcard. Since the user had to re-enter their credentials by inserting the CAC card, there is no loss in sending the EAPoL logoff packet to the switch or WLC.
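To confirm from a wired packet capture whether a supplicant sent an EAPoL logoff after card removal, the frames can be classified by their 802.1X packet type. The following is an added example, not Cisco code or part of the bug record; the MAC address and sample frames are constructed, and it assumes raw Ethernet frames (optionally with one 802.1Q tag) already extracted from the capture.

```python
import struct

EAPOL_ETHERTYPE = 0x888E   # IEEE 802.1X (EAP over LAN)
VLAN_ETHERTYPE = 0x8100    # 802.1Q tag that may precede the EtherType
EAPOL_TYPES = {0: "EAP-Packet", 1: "Start", 2: "Logoff", 3: "Key"}


def parse_eapol(frame: bytes):
    """Return (src_mac, eapol_type_name) for an EAPOL frame, else None."""
    if len(frame) < 14:
        return None
    src = frame[6:12].hex(":")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == VLAN_ETHERTYPE:           # skip a single 802.1Q tag
        if len(frame) < 18:
            return None
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        offset = 18
    if ethertype != EAPOL_ETHERTYPE or len(frame) < offset + 4:
        return None
    _version, ptype, body_len = struct.unpack_from("!BBH", frame, offset)
    if len(frame) < offset + 4 + body_len:    # truncated packet body
        return None
    return src, EAPOL_TYPES.get(ptype, f"Unknown({ptype})")


def supplicant_sent_logoff(frames, supplicant_mac: str) -> bool:
    """True if any frame sourced from supplicant_mac is an EAPOL-Logoff."""
    want = (supplicant_mac.lower(), "Logoff")
    return any(parse_eapol(f) == want for f in frames)


# --- Constructed sample data (not taken from a real capture) ---
PAE_GROUP = bytes.fromhex("0180c2000003")     # 802.1X PAE group address
HOST = bytes.fromhex("020000000001")          # constructed supplicant MAC
HOST_MAC = "02:00:00:00:00:01"


def _eapol(ptype: int, body: bytes = b"") -> bytes:
    hdr = struct.pack("!HBBH", EAPOL_ETHERTYPE, 1, ptype, len(body))
    return PAE_GROUP + HOST + hdr + body


EAP_IDENTITY_RESPONSE = bytes.fromhex("0201000501")  # EAP Response/Identity
CAPTURE_WITHOUT_LOGOFF = [_eapol(1), _eapol(0, EAP_IDENTITY_RESPONSE)]
CAPTURE_WITH_LOGOFF = CAPTURE_WITHOUT_LOGOFF + [_eapol(2)]
```

A capture taken across a card removal that yields `False` from `supplicant_sent_logoff` matches the symptom described above.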