Guest

Preview Tool

Cisco Bug: CSCus07013 - Adding mac filter check when client is changing SSID for webauth

Last Modified

May 30, 2018

Products (1)

  • Cisco 5500 Series Wireless Controllers

Known Affected Releases

7.4(121.0) 8.0(110.5)

Description (partial)

Symptom:
5508 with 7.4.121.0,  AP model are 1142+2602 (local model).
 
SSID 7 :  mac filter(external MS NPS server A)+ mac auth on mac filter failure (external portal against MS AD A)
SSID 9 : WPA/WPA2 PSK
SSID 11: mac filter(external MS NPS server B)+ mac auth on mac filter failure (external portal against MS AD B)
 
The two MS NPS servers for SSID 7 and 11 are different, the two external portal for SSID 7 and 11 are also different.
 
We run the below test with a device(the mac of this device is in MS NPS server A but not in MS NPS server B)
 
Client connect to SSID7 first, then he switch to SSID 11, the mac auth will failed as expected, but he found that he will not be redirected for web auth and will be granted for internet access, the state is ?RUN?
Client connect to SSID9 first, then he switch to SSID 11, the symptom is the same as the 1st one
Remove the client session on WLC, client connect to SSID 11 directly, he will be redirected to web auth and the state is ?Webauth_REQ?

So it seems that if there is existing session for this client on WLC, the client can connect the SSID 11 without web auth...

Conditions:
with fast SSID change enabled

Related Community Discussions

8.0MR3 Beta Availability
8.0.122.x Available - 8.0MR3 Beta 8.0MR3 (8.0.132.0) is now posted, the beta process is closed. Thanks for all the feedback! Resolved Caveats CSCtl96208 capwap ap hostname CLI returns "ERROR!!! Command is disabled." CSCtu45614 Spectrum Management Bit Should be set to 1 all the time CSCul07738 DPAA Tx/Rx stuck; reload due to ethernet interface receive failure CSCum86031 Roaming 5508 to 5760 applies wrong QOS policy on configuring aaa-overrid CSCun12965 Lightweight AP should not send jumbo frame by ...
Latest activity: Apr 01, 2016
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.