General
No Customer specific data is being provided.
Symptom
ISR device will never download new PAC after booting with affected image. From ISE perspective, you will see repeated #CTSREQUEST# for environment-data being sent with no PAC or Invalid PAC. You will also never see router issue a new PAC Request download when affected by this defect.
Conditions
-ISR 4330 running 16.6.7
-TrustSec
-password encryption aes is configured to enable type 6 password;
-cts pac is using type 6 password:
radius server ISE
address ipv4 x.x.x.x auth-port 1812 acct-port 1813
pac key 6
Workaround
-Disable Type 6 encryption. Type 7 and Clear text passwords are not affected;
-Rollback to 16.6.5.
Further Problem Description
