BugZero | Cisco BugID CSCvx00270 - WLC not centrally switching traffic when airspace-...

Cisco - Defect ID: CSCvx00270

WLC not centrally switching traffic when airspace-interface-name from radius doesn't exist on FC AP.

Cisco - Defect ID: CSCvx00270

WLC not centrally switching traffic when airspace-interface-name from radius doesn't exist on FC AP.

Last updated on 5/11/2022

Overall: 5.75.7

Severity: 6.46.4

Lifecycle: 44.0

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 5.75.7

Severity: 6.46.4

Lifecycle: 44.0

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Symptom

Based on this guide: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/Enterprise-Mobility-8-5-Design-Guide/Enterprise_Mobility_8-5_Deployment_Guide/ch7_HREA.html This should work like this: Traffic flow on WLANs configured for Local Switching when FlexConnect APs are in connected mode are as follows: If the VLAN is returned as one of the AAA attributes and that VLAN is not present in the FlexConnect AP database, traffic will switch centrally and the client is assigned this VLAN/Interface returned from the AAA server provided that the VLAN exists on the WLC. If the VLAN is returned as one of the AAA attributes and that VLAN is not present in the FlexConnect AP database, traffic will switch centrally. If that VLAN is also not present on the WLC, the client will be assigned a VLAN/Interface mapped to a WLAN on the WLC. If the VLAN is returned as one of the AAA attributes and that VLAN is present in the FlexConnect AP database, traffic will switch locally. If the VLAN is not returned from the AAA server, the client is assigned a WLAN mapped VLAN on that FlexConnect AP and traffic is switched locally. We have been working with APs in connected mode for now. Our issue is that when we return from radius server any airspace-interface-name or vlan name, the traffic is not centrally switched if that returned value is not present on the FC AP/FC vlan template. It is locally switched instead and this is not correct. If we set a vlan id to be returned on radius, this works fine but not when using names. Realized when we use names, the debug aaa all enable shows vlan ID 0: vlanIfName: 'FIVE', vlanId:0 (no option to change that vlan tag on ISE side, there is a tag field but only goes up to 30 so should be for something else...) When we use numbers, vlan ID is fine and works as expected: vlanIfName: '5', vlanId:5 The priority is to fix this when we use airspace-interface-name value from ISE.

Conditions

WLC: 5520 with 8.5.140 (tested in 8.10.130.0 and same results) Access points: 2802I ISE: 2.0

Workaround

Return vlan numbers instead of names from ISE.

Further Problem Description

Original Vendor Announcement

9.65Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.65Defect ID: CSCwa92734
CUBE DTMF interworking fails from rtp-nte to OOB SIP methods
9.65Defect ID: CSCwj45822
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
9.65Defect ID: CSCvo03458
PKI "revocation check crl none" does not fallback if CRL not reachable
9.65Defect ID: CSCvq05584
Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCvx00270

WLC not centrally switching traffic when airspace-interface-name from radius doesn't exist on FC AP.

Cisco - Defect ID: CSCvx00270

WLC not centrally switching traffic when airspace-interface-name from radius doesn't exist on FC AP.

Last updated on 5/11/2022

Vendor details

Vendor details

Description

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco defects by risk score

Ready to prevent the next vendor outage?