...
When a policy profile with network access control (NAC) enabled is configured on Prime and deployed to a Catalyst 9800 controller, "nac" is not part of the running-config/startup-config section for that policy profile. However, the output of "show wireless profile policy detailed" shows the NAC status as ENABLED, and the GUI configuration for the policy profile also shows NAC as enabled.
Deploying a policy profile with network access control (NAC) enabled from Prime Infrastructure.
Enable NAC manually on the policy profile from the CLI of the Catalyst 9800 WLC:

    WLC(config-wireless-policy)#nac
While deploying the "TEST_CWA_NAC" policy profile from Prime, one can see that "nac" is not part of the running-config for the "wireless profile policy TEST_CWA_NAC" section:

    WLC#show run all | s TEST_CWA_NAC
    wireless profile policy TEST_CWA_NAC
     aaa-override
     no aaa-override vlan fallback
     aaa-policy default-aaa-policy
     accounting-interim
     no call-snoop
     dot11 24ghz airtime-fairness default-atf-profile
     dot11 5ghz airtime-fairness default-atf-profile
     no et-analytics enable
     exclusionlist timeout 60
     flex umbrella dhcp-dns-option
     flex umbrella mode ignore
     no guest-lan enable-session-timeout
     idle-threshold 0
     idle-timeout 300
     ip arp-limit rate burst_interval 5
     ip arp-limit rate pps 100
     ip mac-binding
     ip nd-limit rate burst_interval 5
     ip nd-limit rate pps 100
     no ipv4 arp-proxy
     no ipv4 dhcp opt82
     no ipv4 dhcp opt82 ascii
     no ipv4 dhcp opt82 format ap_ethmac
     no ipv4 dhcp opt82 format ap_location
     no ipv4 dhcp opt82 format apmac
     no ipv4 dhcp opt82 format apname
     no ipv4 dhcp opt82 format policy_tag
     no ipv4 dhcp opt82 format ssid
     no ipv4 dhcp opt82 format vlan_id
     no ipv4 dhcp opt82 rid
     no ipv4 dhcp opt82 vrf
     ipv4 dhcp required
     ipv4 dhcp server 0.0.0.0
     no ipv6 nd proxy
     no link-local-bridging
     mdns-sd service-policy default-mdns-service-policy
     no multicast filter
     no passive-client
     qbss-load
     session-timeout 1800
     no static-ip-mobility
     vlan 200
     no wgb broadcast-tagging
     no wgb vlan
     no shutdown

While the policy profile details show it enabled:

    WLC#show wireless profile policy detailed TEST_CWA_NAC | inc NAC
    Policy Profile Name : TEST_CWA_NAC
      NAC : ENABLED
      NAC Type : ISE NAC
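The mismatch described above can be checked for across collected CLI output. The following is an added example, not Cisco's or the original page's code: it compares each policy profile section from "show run all" with that profile's "show wireless profile policy detailed" output and reports profiles where the two disagree about NAC. The sample text is constructed and abbreviated from the outputs quoted above, FIXED_PROFILE is a hypothetical profile with the workaround applied, and the function names are assumptions.

```python
import re

# Constructed sample: abbreviated "show run all" sections for two profiles.
RUN_ALL = """\
wireless profile policy TEST_CWA_NAC
 aaa-override
 no aaa-override vlan fallback
 session-timeout 1800
 vlan 200
 no shutdown
wireless profile policy FIXED_PROFILE
 aaa-override
 nac
 vlan 200
 no shutdown
"""
# Constructed sample: "show wireless profile policy detailed <name> | inc NAC".
DETAILED = {
    "TEST_CWA_NAC": "Policy Profile Name : TEST_CWA_NAC\n  NAC : ENABLED\n  NAC Type : ISE NAC\n",
    "FIXED_PROFILE": "Policy Profile Name : FIXED_PROFILE\n  NAC : ENABLED\n  NAC Type : ISE NAC\n",
}

def profiles_in_config(run_all):
    """Map each policy profile name to the config lines in its section."""
    profiles, current = {}, None
    for line in run_all.splitlines():
        header = re.match(r"wireless profile policy (\S+)\s*$", line)
        if header:
            current = profiles.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # left the section
    return profiles

def nac_operational(detailed):
    """True if the detailed output reports 'NAC : ENABLED' (not 'NAC Type')."""
    m = re.search(r"^\s*NAC\s*:\s*(\S+)", detailed, re.M)
    return bool(m) and m.group(1).upper() == "ENABLED"

def nac_configured(lines):
    """True if the section carries a 'nac' line; 'no nac' does not count."""
    return any(l == "nac" or l.startswith("nac ") for l in lines)

def find_mismatches(run_all, detailed_by_profile):
    """Names of profiles whose config and operational NAC state disagree."""
    return [name for name, lines in profiles_in_config(run_all).items()
            if name in detailed_by_profile
            and nac_operational(detailed_by_profile[name]) != nac_configured(lines)]

if __name__ == "__main__":
    print(find_mismatches(RUN_ALL, DETAILED))
```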