Cisco Bug: CSCut02524 - default NAS-ID value at the AP-Groups should be empty or "none"

Last Modified

Oct 03, 2018

Products (1)

  • Cisco 5500 Series Wireless Controllers

Known Affected Releases

7.6(130.0) 8.0(110.0) 8.0(122.15) 8.0(122.27) 8.0(122.9) 8.1(123.2)

Description (partial)

Symptom:
When a customer configures a new AP-Group without configuring a NAS-ID (because they use the ones at the WLAN level and do not want to configure any at the AP-Group level, as this would override the ones of the WLAN), the configuration automatically adds the WLC hostname as the default NAS-ID value. This leads to two problems:

1) This leads people to think that a NAS-ID value was configured at the AP-Group and that it could be used during authentication, overriding the ones configured at the WLAN level. The only way to confirm which one is actually going to be used is by testing and taking debugs. In addition, if the customer configures the "none" value in the AP-Group's NAS-ID field (with the command "config wlan apgroup nasid none apgroup-name"), the WLC keeps the hostname as the default name, so it remains unclear whether the setting was actually applied. The documentation also does not clearly explain that the WLAN-level NAS-ID value will override the default value at the AP-Group level (which is identified as the hostname).

2) If a configuration file is uploaded from the WLC, the configuration file has the following command applied to each AP-Group: "config wlan apgroup nasid HOSTNAME apgroup-name", instead of "config wlan apgroup nasid none apgroup-name". Therefore, if this configuration file is loaded onto another WLC that should have the same setup (but has a different hostname), that WLC does not treat the value as the "default" one, so it starts using the AP-Group's NAS-ID value during authentication, overriding the ones configured at the WLAN level. This affected a customer's production environment, with the RADIUS server rejecting authentication until it was confirmed that the problem was that the WLC was using the AP-Group's NAS-ID, even though this was never configured.

Conditions:
- Use NAS-ID value configured at the WLAN level on authentication policies.
- Configure an AP-Group without configuring a NAS-ID (because the ones at the WLAN level will be used and none is wanted at the AP-Group level, as this would override the ones of the WLAN as per current WLC behavior).
- Upload the configuration file from the WLC (take a backup config file).
- Notice that this configuration file has the following command applied to each AP-Group: "config wlan apgroup nasid HOSTNAME apgroup-name", instead of "config wlan apgroup nasid none apgroup-name".
- Load this configuration file onto another WLC that should have the same setup (but has a different hostname).
- The WLC will start using the AP-Group's NAS-ID value during authentication, overriding the ones configured at the WLAN level, because for this WLC the AP-Group's NAS-ID value is not the "default" one, so it must override any other NAS-ID configured at lower levels.
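
A pre-load check that follows from the conditions above, as an added example (not Cisco's code and not part of the bug record): it scans a WLC backup for the "config wlan apgroup nasid" command quoted in the description, reports which AP-Group values would act as overrides on a target WLC with a different hostname, and can rewrite values that merely carry the source hostname to "none". The hostnames, group names and sample backup are constructed, and the parser assumes the NAS-ID contains no whitespace and that hostnames compare exactly.

```python
import re

# Matches the command quoted in the bug description:
#   config wlan apgroup nasid <NAS-ID> <apgroup-name>
# Assumption: the NAS-ID has no whitespace; the rest of the line is the group name.
NASID_CMD = re.compile(r"^(\s*config wlan apgroup nasid )(\S+)( .+?)\s*$")


def audit_apgroup_nasid(config_text, target_hostname):
    """Classify each AP-Group NAS-ID line as it would behave on the target WLC."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = NASID_CMD.match(line)
        if not m:
            continue
        nasid, group = m.group(2), m.group(3).strip()
        if nasid == "none":
            verdict = "none"
        elif nasid == target_hostname:
            verdict = "default"    # equals the target's own hostname
        else:
            verdict = "override"   # would replace the WLAN-level NAS-ID
        findings.append((lineno, group, nasid, verdict))
    return findings


def neutralize_source_default(config_text, source_hostname):
    """Rewrite lines that only carry the source WLC's hostname to 'none'."""
    out = []
    for line in config_text.splitlines():
        m = NASID_CMD.match(line)
        if m and m.group(2) == source_hostname:
            line = f"{m.group(1)}none{m.group(3)}"
        out.append(line)
    return "\n".join(out) + "\n"


# Constructed sample backup taken from a WLC named WLC-A (all names are made up).
SAMPLE_BACKUP = """\
config wlan apgroup nasid WLC-A lobby-aps
config wlan apgroup nasid none warehouse-aps
config wlan apgroup nasid site42-guest branch-aps
"""

if __name__ == "__main__":
    for finding in audit_apgroup_nasid(SAMPLE_BACKUP, target_hostname="WLC-B"):
        print(finding)
    print(neutralize_source_default(SAMPLE_BACKUP, "WLC-A"), end="")
```

Values that differ from the source hostname are left untouched by the rewrite, since they may have been configured on purpose; the audit still lists them as overrides so they can be reviewed against the RADIUS policy.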
