Cisco Bug: CSCuw91763 - Feature "AES Key Wrap" does not work

Last Modified

Aug 13, 2019

Products (1)

  • Cisco 5500 Series Wireless Controllers

Known Affected Releases

8.0(120.0) 8.0(120.9)

Description (partial)

Symptom:
When using 802.1X, one can select "Use AES Key Wrap" under the RADIUS Authentication settings; however, the WLC rejects the authentications with "Rejecting Cisco MAC Attribute due to MAC mismatch" as soon as it receives a RADIUS Access-Challenge from the RADIUS server.
In MessageLogs we see:
[...]
 #DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:449  Authentication Aborted for client xx:xx:xx:xx:xx:xx
 #DOT1X-3-INVALID_KEYWRAP_PKT: 1x_auth_pae.c:3163 Received invalid keywrap packet - invalid interim response
[...]

Conditions:
WLAN with WPA2-Enterprise and AES. Enable "Use AES Key Wrap".

Related Community Discussions

ISE v1.2 - Endpoint abandoned EAP session and started new
Hi. I have lots of clients that are not able to log on to both wired and wireless networks, and they always fail with these errors: 5411 Supplicant stopped responding to ISE; 5440 Endpoint abandoned EAP session and started new. This is with certificate authentication, both for client and for machine. The clients are for the most part Windows 7. We use both Cisco and Aerohive for wireless, and the switch I have tested with is a Cisco2960S. A few strange things: It works perfectly for a lot of clients ...
Latest activity: Dec 08, 2016