LAN Enforcer kernel panic caused guest user authentication with Extensible Authentication Protocol - Transport Layer Security (EAP-TLS)
|Article:TECH148016|||||Created: 2011-01-12|||||Updated: 2012-01-04|||||Article URL http://www.symantec.com/docs/TECH148016|
LAN Enforcer kernel panic caused by guest user authentication with EAP-TLS.
The LAN Enforcer will halt, displaying the message "Kernel Panic".
The packet capture will show that the client MAC address does not have SNAC installed, it is configured with EAP-TLS method, and it sends empty user name in EAP-Identity.
Kenel.log will show: [ radproxy.c][ 2080]: Empty USER NAME, replace with 'Guest' instead
LAN ENFORCER RU6a MP1/RU5
Switch: Cisco 2950
The EAP-Identity with empty user name leads to Kernel Panic later after client authentication.
Code changes made to prevent kernel panic; Upgrade to SNAC RU6 MP2
Article URL http://www.symantec.com/docs/TECH148016