Bug ID 701249: RADIUS authentication requests erroneously specify NAS-IP-Address of 127.0.0.1

Last Modified: May 07, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 14.0.0, 14.0.0.1, 14.0.0.2

Fixed In:
14.1.0, 14.0.0.3, 13.1.0.8, 12.1.3.3

Opened: Jan 09, 2018
Severity: 3-Major

Symptoms

RADIUS requests from BIG-IP have attribute NAS-IP-Address = 127.0.0.1, which might cause authentication to fail. The NAS-IP-Address is essentially the resource an end user client is trying to authenticate to. This is typically the management IP address of the BIG-IP system, but the BIG-IP system always sends 127.0.0.1 instead. That might fail or it might work, depending on how the server is configured.

Impact

BIG-IP system always sends 127.0.0.1 instead of the BIG-IP system's management IP address. RADIUS server might not service the request, so authentication fails.

Conditions

This is an issue for all RADIUS authentication requests that use the attribute NAS-IP-Address. Note: This affects remote control plane authentication only, not APM or other uses of RADIUS.

Workaround

There is no workaround.

Fix Information

None

Behavior Change