Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
727
Views
2
Helpful
2
Replies

getWLANProfile and addWLANProfile appear broken for EAP-TLS in 11.5

Go to solution
Jonathan Els
Level 5
Level 5

‎04-20-2018 03:02 PM

AXL version: 11.5

Looks like WLANProfile's schema doesn't include the necessary options for EAP-TLS, and there's server-side breakage as well.  The User Certificate attribute is not supported.

Steps to reproduce

  1. Add WLAN Profile with EAP-TLS option - any user cert option will break
  2. Do a get on name
  3. Hey presto, explosions

Firstly, it's not defined in the all schemas:

     ns0:XWLANProfile(name: xsd:string, description: xsd:string, ssid: xsd:string, frequencyBand: , userModifiable: , authMethod: , userName: xsd:string, password: xsd:string, pskPassphrase: xsd:string, wepKey: xsd:string, passwordDescription: xsd:string, networkAccessProfile: ns0:XFkType)

     ns0:RWLANProfile(name: xsd:string, description: xsd:string, ssid: xsd:string, frequencyBand: , userModifiable: , authMethod: , userName: xsd:string, password: xsd:string, pskPassphrase: xsd:string, wepKey: xsd:string, passwordDescription: xsd:string, networkAccessProfile: ns0:XFkType, uuid: ns0:XUUID)


     ns0:LWLANProfile(name: xsd:string, description: xsd:string, ssid: xsd:string, frequencyBand: , userModifiable: , authMethod: , userName: xsd:string, password: xsd:string, pskPassphrase: xsd:string, wepKey: xsd:string, passwordDescription: xsd:string, networkAccessProfile: ns0:XFkType, uuid: ns0:XUUID)



Secondly, if I do a GUI add, then try to a get on this, I get a server-side failure:


<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">

  <soap-env:Body>

    <ns0:getWLANProfile xmlns:ns0="http://www.cisco.com/AXL/API/11.5">

      <name>axl_get</name>

    </ns0:getWLANProfile>

  </soap-env:Body>

</soap-env:Envelope>

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

  <soapenv:Body>

    <soapenv:Fault>

      <faultcode>soapenv:Server</faultcode>

      <faultstring/>

      <detail>

        <axlError>

          <axlcode>-1</axlcode>

          <axlmessage/>

          <request>getWLANProfile</request>

        </axlError>

      </detail>

    </soapenv:Fault>

  </soapenv:Body>

</soapenv:Envelope>

If I try again with a profile option that contains a password, it works just fine.

Clearly cannot handle the userCertificate attr (deducing name from UI page source)Seems to start with the server-side demand for userid/password to be specified...  Not really used for EAP-TLS.  There are other bugs here for cases where you're forced to send blank passwords even when they're not in use...

So, presumably bug? 

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Paul Giralt
Cisco Employee
Cisco Employee

‎04-20-2018 04:23 PM

Definitely a bug. Escalated to Engineering. Will get a bug ID for you soon.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Paul Giralt
Cisco Employee
Cisco Employee

‎04-20-2018 04:23 PM

Definitely a bug. Escalated to Engineering. Will get a bug ID for you soon.

0 Helpful

Go to solution
Paul Giralt
Cisco Employee
Cisco Employee

‎04-24-2018 02:10 AM

Bug ID is CSCvj13482

Customers Also Viewed These Support Documents