VSA attributes are not included in RADIUS authentication requests

VSA attributes are not included in RADIUS authentication requests

1931
Created On 07/10/23 01:25 AM - Last Modified 06/03/25 20:52 PM


Symptom


  • The firewall running on PAN-OS version 10.1.x, configured to send specific VSAs to the RADIUS server.
  • Packet captures between the firewall and the RADIUS server to confirm the above working scenario display the vendor specific attributes.

                         image.png

  • Post upgrading the firewall from 10.1.x to 10.2.x, the VSA information in the "Access Requests" is missing.
  • The packet capture snippet below shows that the VSA information is missing in the "Access Requests" issued by our firewall to the RADIUS server:

                            image.png

 

 

Environment


  • Palo Alto Firewalls
  • PAN-OS version 10.2.x
  • Radius VSA (Vendor Specific Attributes)

Cause


Software issue.

Resolution


  1. The issue is resolved under PAN-220158  in 10.2.5.
  2. Upgrade will resolve the issue.
  3. Fallback to the previous working PAN-OS version will also resolve the issue.

Additional Information


Enable Delivery of VSAs to a RADIUS Server
RADIUS Vendor-Specific Attributes (VSA)

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kIEiCAM&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language