Guest

Preview Tool

Cisco Bug: CSCus46844 - 802.1x 3650 Radius Response not picked up by AAA code

Last Modified

Mar 01, 2018

Products (1)

  • Cisco IOS

Known Affected Releases

3.6(0) 3.7(0)

Description (partial)

Symptom:
Some AAA servers configured are working fine. Other AAA servers configured are not. 
EPC (packet capture) on the switch is able to see correct Radius response but Radius code does not pick it up (does not see it) - and as a result marks the server as DEAD. Those packets are RFC 2865 compliant.

The issue is always there. We can have dot1x/mab or just simple PAP with test aaa command - the issue is still there - but only for some AAA servers. The configuration for working and non-working AAA server is identical (just different ip).
For non-working ip it's never working.
For working ip it's always working.
Packet captures for the response shows identical data (with ip difference and authenticator header).

Please see the bigpicture.txt for more details.

Conditions:
just specific (unlucky) ip for radius configuration
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.