Bug ID 701249: RADIUS authentication requests erroneously specify NAS-IP-Address of

Last Modified: Dec 15, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,, 13.1.0,,,,,,,, 14.0.0,,

Fixed In:

Opened: Jan 09, 2018
Severity: 3-Major


RADIUS requests from BIG-IP have attribute NAS-IP-Address =, which might cause authentication to fail. The NAS-IP-Address is essentially the resource an end user client is trying to authenticate to. This is typically the management IP address of the BIG-IP system, but the BIG-IP system always sends instead. That might fail or it might work, depending on how the server is configured.


BIG-IP system always sends instead of the BIG-IP system's management IP address. RADIUS server might not service the request, so authentication fails.


This is an issue for all RADIUS authentication requests that use the attribute NAS-IP-Address. Note: This affects remote control plane authentication only, not APM or other uses of RADIUS.


There is no workaround.

Fix Information


Behavior Change