24 WIRELESS LAN SWITCH AND CONTROLLER MSS VERSION 6.0.4.6 RELEASE NOTES
The pass-through and local AAA methods are mutually exclusive. Even if a server group named local exists, MSS does not use the group. In either case, the EAP session fails and the 802.11 session is deauthenticated when the client responds to the first identity request.

Do not name a server group local and do not attempt to mix mutually exclusive authentication methods in the same command.

Incorrect zero value for Acct-Authentic appears in accounting statistics. (14851)

In the output of the display accounting statistics command, the Acct-Authentic field in accounting records always displays 0 (zero). This field indicates the location where a user was authenticated for the session. The correct value is 1 (one) if RADIUS performed authentication or 2 if authentication took place in the local WX database.

Ignore the Acct-Authentic value in display accounting statistics output.
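
As an added example (not part of these release notes or of MSS), the Python code below decodes the Acct-Authentic attribute (type 45, RFC 2866) from an Accounting-Request as received at a RADIUS server, and reports a 0 as undefined instead of mapping it to RADIUS or local. It assumes the raw packet bytes are available at the server; the release note does not say whether the on-wire value is affected, and build_sample is a hypothetical helper that produces constructed test packets.

```python
import struct

# Acct-Authentic (attribute type 45) values defined in RFC 2866, section 5.6.
ACCT_AUTHENTIC = {1: "RADIUS", 2: "Local", 3: "Remote"}
ACCOUNTING_REQUEST = 4   # RADIUS packet code
ATTR_ACCT_AUTHENTIC = 45


def parse_attributes(packet: bytes) -> list[tuple[int, bytes]]:
    """Return (type, value) pairs from a RADIUS packet, validating lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST:
        raise ValueError(f"not an Accounting-Request (code {code})")
    if length < 20 or length > len(packet):
        raise ValueError("length field inconsistent with packet size")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError(f"bad length for attribute {a_type}")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return attrs


def acct_authentic(packet: bytes) -> str:
    """Describe where the session was authenticated, per Acct-Authentic."""
    for a_type, value in parse_attributes(packet):
        if a_type == ATTR_ACCT_AUTHENTIC:
            if len(value) != 4:
                raise ValueError("Acct-Authentic must be a 4-byte integer")
            number = struct.unpack("!I", value)[0]
            # 0 is not a defined value; report it instead of guessing.
            return ACCT_AUTHENTIC.get(number, f"undefined ({number})")
    return "absent"


def build_sample(authentic: int) -> bytes:
    """Constructed sample (hypothetical helper): Acct-Status-Type=Start plus
    Acct-Authentic, with an all-zero placeholder authenticator."""
    attrs = struct.pack("!BBI", 40, 6, 1) + struct.pack("!BBI", 45, 6, authentic)
    return struct.pack("!BBH", 4, 1, 20 + len(attrs)) + bytes(16) + attrs
```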

Clients using Intel 3945ABG wireless NIC were unable to connect reliably to network. (28863)

Some client laptops using the Intel 3945ABG adapter card were not able to connect reliably to the network because the client ignored the initial GKHS message sent by the WX switch, timed out, and deassociated before the switch could retransmit the GKHS message.

To work around this problem, set the 802.1X supplicant timeout to 1 second. To do this, use the set dot1x timeout supplicant command.

CAUTION: Changes to 802.1X parameters affect all SSIDs managed by the WX switch.

WebAAA Issues

WebAAA using a Windows client and a WX switch that has a self-signed certificate can intermittently fail if Windows is configured to update root certificates. (18597)

If the WX switch uses a self-signed certificate (as opposed to a CA-issued certificate), and the Microsoft OS on the WebAAA client is configured to update root certificates (the default setting), Windows tries to contact microsoft.com to get updated certificates. This causes a 15-second delay, after which IE displays a popup dialog asking whether the user wants to accept the untrusted certificate from the WX.

Even when the user selects Yes, IE sometimes does not display the WebAAA Login page served by the WX switch.

This issue occurs intermittently. If the issue occurs, reattempt the login.

IPv6 clients cannot authenticate using Web Portal. (26291)

The web-portal ACL does not work on IPv6 traffic. IPv6 clients will not be able to authenticate using Web Portal unless the clients also run IPv4.

This issue affects Web-Portal authentication only. The other authentication types (802.1X, MAC, and Last Resort) can be used with IPv6 clients.