Bug ID 1205345: RADIUS remote authentication uses internal system IP address as system identifier in requests

Last Modified: Aug 01, 2024

Affected Product(s):
F5OS F5OS, Velos(all modules)

Known Affected Versions:
F5OS-A 1.5.0, F5OS-A 1.5.1, F5OS-A 1.5.2, F5OS-C 1.5.0, F5OS-C 1.5.1

Fixed In:
F5OS-C 1.6.1, F5OS-C 1.6.0, F5OS-A 1.7.0

Opened: Dec 06, 2022

Severity: 3-Major

Symptoms

When configured for RADIUS remote authentication, the F5OS systems send internal system IP address as Network Access Server (NAS) system identifier (NAS-IP-Address or NAS-IPv6-Address), rather than a system management IP. On VELOS systems, the NAS-IPv6-Address will be a link-local IPv6 address in fe80::/64. On rSeries appliances, the NAS-IP-Address will be an address in the internal address range (RFC6598 by default), e.g. 100.65.60.2.

Impact

RADIUS authentication servers may ignore or reject authentication requests due to an unknown system identifier in the requests.

Conditions

RADIUS remote authentication for system users.

Workaround

None.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips