Bug ID 853573: RADIUS Auth agent may send AVP NAS-IPv6-Address even if it is empty

Last Modified: Dec 11, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 15.0.0, 15.0.1, 15.1.0

Opened: Nov 27, 2019
Severity: 3-Major

Symptoms

RADIUS Auth agent sends an Access-Request packet with the NAS-IPv6-Address included, even if the field is not configured in AAA RADIUS Server. The agent sends a zeroed value.

Impact

The AVP NAS-IP6-ADDRESS is included in the auth request when it should not be. The exact impact of this is unknown.

Conditions

RADIUS AAA Serer, RADIUS Auth Agent, Access Policy, Virtual Server are created in non-default partition with non-default route domain assigned.

Workaround

Recreate AAA RADIUS Server using tmsh.

Fix Information

None

Behavior Change