Last Modified: Sep 13, 2023
Known Affected Versions:
13.1.0, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 14.0.0, 220.127.116.11, 18.104.22.168
14.1.0, 22.214.171.124, 126.96.36.199, 188.8.131.52
Opened: Jan 09, 2018 Severity: 3-Major
RADIUS requests from BIG-IP have attribute NAS-IP-Address = 127.0.0.1, which might cause authentication to fail. The NAS-IP-Address is essentially the resource an end user client is trying to authenticate to. This is typically the management IP address of the BIG-IP system, but the BIG-IP system always sends 127.0.0.1 instead. That might fail or it might work, depending on how the server is configured.
BIG-IP system always sends 127.0.0.1 instead of the BIG-IP system's management IP address. RADIUS server might not service the request, so authentication fails.
This is an issue for all RADIUS authentication requests that use the attribute NAS-IP-Address. Note: This affects remote control plane authentication only, not APM or other uses of RADIUS.
There is no workaround.