Guest

Preview Tool

Cisco Bug: CSCvt54792 - C1111 not generating AAA/Radius packets for dot1x auth unless password encryption is disabled

Last Modified

Sep 01, 2020

Products (1)

  • Cisco IOS

Known Affected Releases

16.6.3 16.9.5

Description (partial)

Issue is customer visible, customer found.

Symptom:
When using type 6 passwords (passwords encrypted with AES) under the RADIUS server group, IOS XE Router (issue has been seen on C1111 but it's not limited to only this platform) stops generating RADIUS packets used for 802.1X authentication.

Conditions:
Router configured to encrypt the password:

  password encryption aes 
  key config-key password-encrypt

  radius server ISE2
   address ipv4 x.x.x.x auth-port 1645 acct-port 1646
   key 6 <encryped_password>

* This issue only exhibits when a dot1x authentication needs to be performed.
** "Test aaa" will work fine.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.