Cisco Bug: CSCvt16054 - WEBAUTH: on reaching 255 ACEs/port, new incoming HTTP connections are allowed without auth
Apr 23, 2020
- Cisco Catalyst 3900 Software
Known Affected Releases
Symptom: After the DACLs per port are exhausted, new sessions are allowed unauthenticated.
Conditions: Webauth with DACL download. When the number of DACLs downloaded on the port exceeds 255, the preauth ACL is not programmed for newer webauth sessions. As a result, traffic for the new MAC address is allowed without authentication.
Workaround: An alternate set of policy configs is provided as a workaround.