The pass-through and local AAA methods are mutually exclusive. Even if a server group named local exists, MSS does not use the group. In either case, the EAP session fails and the 802.11 session is deauthenticated when the client responds to the first identity request.
Do not name a server group local and do not attempt to mix mutually exclusive authentication methods in the same command.
Incorrect zero value for Acct-Authentic appears in accounting statistics. (14851)
In the output of the display accounting statistics command, the Acct-Authentic field in accounting records always displays 0 (zero) to indicate the location where a user was authenticated for the session. The correct value is 1 (one) if RADIUS performed authentication or 2 if authentication took place in the local WX database.
Ignore the Acct-Authentic value in display accounting statistics output.
Clients using Intel 3945ABG wireless NIC were unable to connect reliably to network. (28863)
Some client laptops using the Intel 3945ABG adapter card were not able to connect reliably to the network because the client ignored the initial GKHS message sent by the WX switch, timed out, and deassociated before the switch could retransmit the GKHS mes- sage.
To work around this problem, set the 802.1X supplicant timeout to 1 second. To do this, use the set dot1x timeout supplicant command.
CAUTION: Changes to 802.1X parameters affect all SSIDs managed by the WX switch.
WebAAA IssuesWebAAA using a Windows client and a WX switch that has a self-signed certificate can intermittently fail if Windows is configured to update root certificates. (18597)
If the WX switch uses a self-signed certificate (as opposed to a CA-issued certificate), and the Microsoft OS on the WebAAA client is configured to update root certificates (the default setting), Windows tries to contact microsoft.com to get updated certificates.
This causes a 15-second delay, after which IE displays a popup dialog asking whether the user wants to accept the untrusted certificate from the WX.
Even when the user selects Yes, IE sometimes does not display the WebAAA Login page served by the WX switch.
This issue occurs intermittently. If the issue occurs, reattempt the login.
IPv6 clients cannot authenticate using Web Portal. (26291)The web-portal ACL does not work on IPv6 traffic. IPv6 clients will not be able to authenticate using Web Portal unless the clients also run IPv4.
This issue affects Web-Portal authentication only. The other authentication types (802.1X, MAC, and Last Resort) can be used with IPv6 clients.
