Guest

Preview Tool

Cisco Bug: CSCvh94755 - Client is able to ping management gateway before webauth login

Last Modified

Nov 25, 2018

Products (1)

  • Cisco 5500 Series Wireless Controllers

Known Affected Releases

8.7(1.131) 8.8(1.53) 8.8(1.59)

Description (partial)

Symptom:
Sanity : Client is able to ping management gw before webauth login

Conditions:
PROBLEM DESCRIPTION
===================

wlc is upgraded to 8.7.1.131. APs 3800,3700,702w and 1850 joined successfully to the ctlr. 
After client associated to the controller with policy manager state WEBAUTH_REQD , Check for the 
client reachability to the ctlr management gw  before webauth login. Here we observed that client is able to 
ping ctle mgmt gw before successful webauth login



TEST CASE / STEPS TO REPRODUCE
==============================
1) Upgrade wlc (3500) with 8.7.1.131
2) APs 3800,3700,702w and 1860 joined sucessfully to the ctlr
3) Create 4 wlans( e.g wlan 1 with wpa2_psk_aes , wlan 2 with wpa2_aes_802.1x, wlan 3 with open_wep104_webauth and wlan 4 with open_wep104 securities)
4) Try to associate client1,client2,client3 and client4 with wlan1,wlan2,wlan3 and wlan4 respectively.
5) All clients associted and got proper IPs
6) Client3 is associated to wlan 3 (ie open_wep104_webauth) and client moved to WEBAUTH_REQD state.
7) Now try to ping ctlr mgmt gw ip fron client before webauth login
8) Here observed that client is able to ping ctlr mgmt gw ip and hence webauth login failed




TESTBED/TOPOLOGY
================
1 wlc - (ct8540)
4 APs - 3800,3700,702w and 1850
4 Clients 1 Wired Client

OBSERVED BEHAVIOR
=================

Client is able to ping ctlr mgmt gw before webauth login

EXPECTED BEHAVIOR
=================

Client should not be able to reach ctlr mgmt gw before sucessfull sebauth login

HOW MANY TIMES SEEN/EASE OF REPRODUCIBILITY
===========================================
consistent

WORKAROUND
==========
NIL

FILES ATTACHED / LOCATION
=========================
Attached the detailed log and show logging

WHY TS/SS/OIB ?
===============
TS, webauth login failed
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.