Guest

Preview Tool

Cisco Bug: CSCvv78637 - WLC fails to send Class attribute to Accounting aaa server

Last Modified

Oct 13, 2020

Products (1)

  • Cisco 5500 Series Wireless Controllers

Known Affected Releases

8.5(140.0)

Description (partial)

Symptom:
When using Web Auth on the controller with Radius Accounting, the Class (IETF attribute 25) is sent in the Access-Accept from the Radius server but is failing 5% to be sent in the Accounting Request.  In this case the Accounting Request is being sent to another IP then the Access-Accept was received on.

The WLAN is also configured to send RADIUS Accounting packets to firewall where the same user group assignment is then used to control the users’ access to the internet, if user doesn't have a group assignment in the accounting packet the FW missess its policies and will either grant full internet access or deny all access.

Per the Radius RFC the class attribute should be sent unchanged from the Access-Accept to the Accounting-Request.

Conditions:
5520 WLC using Web Auth with ISE as a Radius authentication server
Accounting enabled
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.