Cisco Bug: CSCur83728 - AnyConnect NAM doesn't send an EAPoL logoff when CAC card is removed

Last Modified

Nov 06, 2018

Products (1)

  • Cisco AnyConnect Secure Mobility Client

Known Affected Releases

3.1(5080) 3.1(51)

Description (partial)

On AnyConnect NAM, there is no EAPoL logoff message sent when a CAC or similar smartcard is removed.

The issue is that when a user removes their smartcard, the switch has no way of knowing that it should terminate the session. If reauthentication is configured, any reauthentication the switch initiates gets caught in this quasi-authenticated state, because the endpoint can no longer provide the required credentials stored on the smartcard, which has been removed. Since the user has to re-enter their credentials by inserting the CAC card anyway, nothing is lost by sending the EAPoL logoff packet to the switch or WLC.
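
One way to confirm the behaviour described above from a capture taken on the supplicant's switch port, as an added example that is not Cisco code: it classifies raw Ethernet frames by IEEE 802.1X packet type and reports whether the endpoint ever sent an EAPOL-Logoff. The MAC addresses and sample frames are constructed, and the frames are assumed to be raw Ethernet bytes already extracted from the capture.

```python
import struct

EAPOL_ETHERTYPE = 0x888E   # IEEE 802.1X (EAP over LAN)
VLAN_ETHERTYPE = 0x8100    # 802.1Q tag, skipped if present
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}

def classify_eapol(frame: bytes):
    """Return the EAPOL packet type name, or None if the frame is not valid EAPOL."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    if ethertype == VLAN_ETHERTYPE:          # step over a single 802.1Q tag
        if len(frame) < 18:
            return None
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    if ethertype != EAPOL_ETHERTYPE or len(frame) < offset + 4:
        return None
    _version, ptype, body_len = struct.unpack("!BBH", frame[offset:offset + 4])
    if len(frame) < offset + 4 + body_len:   # declared body longer than the frame
        return None
    return EAPOL_TYPES.get(ptype, f"unknown({ptype})")

def logoff_seen(frames, supplicant_mac: bytes) -> bool:
    """True if the given supplicant sent at least one EAPOL-Logoff."""
    return any(f[6:12] == supplicant_mac and classify_eapol(f) == "EAPOL-Logoff"
               for f in frames)

# --- constructed sample frames (not from a real capture) ---
PAE_GROUP = bytes.fromhex("0180c2000003")    # 802.1X PAE group address
ENDPOINT = bytes.fromhex("020000000001")     # constructed, locally administered MAC

def _frame(ptype: int, body: bytes = b"") -> bytes:
    hdr = PAE_GROUP + ENDPOINT + struct.pack("!H", EAPOL_ETHERTYPE)
    pkt = hdr + struct.pack("!BBH", 1, ptype, len(body)) + body
    return pkt.ljust(60, b"\x00")            # pad to minimum Ethernet frame size

START = _frame(1)
EAP_RESPONSE = _frame(0, bytes.fromhex("0201000501"))  # EAP Response/Identity, empty
LOGOFF = _frame(2)

AFFECTED_CAPTURE = [START, EAP_RESPONSE]           # card removed, nothing sent
EXPECTED_CAPTURE = [START, EAP_RESPONSE, LOGOFF]   # logoff sent on card removal

if __name__ == "__main__":
    print("affected:", logoff_seen(AFFECTED_CAPTURE, ENDPOINT))
    print("expected:", logoff_seen(EXPECTED_CAPTURE, ENDPOINT))
```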