Guest

Preview Tool

Cisco Bug: CSCvu53355 - Framed-IP-Address not populated in Guest CoA Push (Custom Device Profile)

Last Modified

Jun 08, 2020

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

2.6(0.156)

Description (partial)

Symptom:
CoA push when using the Authentication VLAN (DHCP Server) feature which is commonly used for 3rd party integrations for Guest Access when a Layer 7 Web Redirect is not possible, fails to include the attribute requested "RADIUS:Framed-IP-Address"

The inability to perform this action, limits the deployability on certain platforms, such as the ASR1K ISG. 

The expected behaviour for this scenario, would be that the endpoint IP Address is populated within the CoA reply, thereby allowing the third party device to leverage the IP address to allow for session to IP address mapping, to elicit policy enforcement/change.

Conditions:
ISE is configured as DHCP Server / DNS Server (Authentication VLAN feature) 

ISE is using a device profile to customise CoA behaviour 

Authenticator is a 3rd party device or Cisco ISG (ASR1K) which is used with the aforementioned device profile
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.