There are workarounds that addresses this vulnerability. Choose one of the following based on the environment:

Option 1: No Macfilters in the Environment

Customers who do not use macfilters can reset the macfilter radius compatibility mode to the default value using the following CLI command:

wlc > config macfilter radius-compat cisco

Option 2: Macfilters in the Environment

Customers who use macfilters and who are able to change the radius server configuration to match other possible compatibility modes can modify the macfilter compatibility to either cisco or free using one of the following CLI commands:

wlc > config macfilter radius-compat cisco
wlc > config macfilter radius-compat free

For more information about the different macfilter compatibility modes, see Cisco Wireless Controller Command Reference.

While these workarounds have been deployed and were proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.